admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-492xx/CVE-2022-49285.json

33 lines
3.0 KiB
JSON
Raw Normal View History

Auto-Update: 2025-02-26T19:00:22.362560+00:00
2025-02-26 19:03:52 +00:00
{
"id": "CVE-2022-49285",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:05.360",
"lastModified": "2025-02-26T07:01:05.360",
Auto-Update: 2025-03-09T03:00:19.873769+00:00
2025-03-09 03:03:50 +00:00
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2025-02-26T19:00:22.362560+00:00
2025-02-26 19:03:52 +00:00
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: mma8452: use the correct logic to get mma8452_data\n\nThe original logic to get mma8452_data is wrong, the *dev point to\nthe device belong to iio_dev. we can't use this dev to find the\ncorrect i2c_client. The original logic happen to work because it\nfinally use dev->driver_data to get iio_dev. Here use the API\nto_i2c_client() is wrong and make reader confuse. To correct the\nlogic, it should be like this\n\n struct mma8452_data *data = iio_priv(dev_get_drvdata(dev));\n\nBut after commit 8b7651f25962 (\"iio: iio_device_alloc(): Remove\nunnecessary self drvdata\"), the upper logic also can't work.\nWhen try to show the avialable scale in userspace, will meet kernel\ndump, kernel handle NULL pointer dereference.\n\nSo use dev_to_iio_dev() to correct the logic.\n\nDual fixes tags as the second reflects when the bug was exposed, whilst\nthe first reflects when the original bug was introduced."
Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: accel: mma8452: usa la l\u00f3gica correcta para obtener mma8452_data La l\u00f3gica original para obtener mma8452_data es incorrecta, el punto *dev al dispositivo pertenece a iio_dev. No podemos usar este dev para encontrar el i2c_client correcto. La l\u00f3gica original funcion\u00f3 porque finalmente us\u00f3 dev->driver_data para obtener iio_dev. Aqu\u00ed, usar la API to_i2c_client() es incorrecto y confunde al lector. Para corregir la l\u00f3gica, deber\u00eda ser as\u00ed struct mma8452_data *data = iio_priv(dev_get_drvdata(dev)); Pero despu\u00e9s de el commit 8b7651f25962 (\"iio: iio_device_alloc(): eliminar drvdata propios innecesarios\"), la l\u00f3gica superior tampoco puede funcionar. Cuando se intenta mostrar la escala disponible en el espacio de usuario, se produce un volcado del kernel y una desreferencia del puntero NULL del manejador del kernel. Por lo tanto, se utiliza dev_to_iio_dev() para corregir la l\u00f3gica. Dual corrige las etiquetas, ya que la segunda refleja cu\u00e1ndo se expuso el error, mientras que la primera refleja cu\u00e1ndo se introdujo el error original."
Auto-Update: 2025-02-26T19:00:22.362560+00:00
2025-02-26 19:03:52 +00:00
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c0bb583a4444cce224e8661090cbffc98e2fe07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c87b7b12f48db86ac9909894f4dc0107d7df6375",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2d9ebdbff79d87d27652578e6d1638ad3b5f3bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue Copy Permalink