CVE-2022-49507: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

regulator: da9121: Fix uninit-value in da9121_assign_chip_model()

KASAN report slab-out-of-bounds in __regmap_init as follows:

BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841
Read of size 1 at addr ffff88803678cdf1 by task xrun/9137

CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88
 print_report.cold+0xcd/0x69b mm/kasan/report.c:313
 kasan_report+0x8e/0xc0 mm/kasan/report.c:491
 __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841
 __devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266
 __devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394
 da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039
 i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563

This happened when da9121 device is probed by da9121_i2c_id, but with invalid dts. Thus, chip->subvariant_id is set to -EINVAL, and later da9121_assign_chip_model() will access 'regmap' without initializing it.

Fix it by returning -EINVAL from da9121_assign_chip_model() if 'chip->subvariant_id' is invalid.
AI Analysis
Technical Summary
CVE-2022-49507 is a vulnerability in the Linux kernel, specifically within the regulator driver for the da9121 device. The issue arises from an uninitialized value in the function da9121_assign_chip_model(). It manifests when the da9121 device is probed with an invalid device tree source (DTS) configuration, which leaves chip->subvariant_id set to the error code -EINVAL. The function then accesses the 'regmap' structure without it having been initialized, leading to a slab-out-of-bounds read detected by the Kernel Address Sanitizer (KASAN). This out-of-bounds read occurs in the __regmap_init function, which is part of the Linux kernel's register map subsystem used for abstracting hardware register access. The bug trace shows that the issue triggers during the probing phase of the da9121 I2C device, potentially causing kernel instability or crashes.

The root cause is improper error handling in da9121_assign_chip_model(), which fails to return an error when chip->subvariant_id is invalid, leading to dereferencing uninitialized pointers. The fix modifies da9121_assign_chip_model() to return -EINVAL immediately if the subvariant_id is invalid, preventing further unsafe memory access. This vulnerability affects Linux kernel versions containing the specified commit hashes prior to the fix and is relevant to systems using the da9121 regulator driver, commonly found in embedded or specialized hardware platforms. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
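A user-space model of the defect and the fix described above, added here as an illustration and not taken from the driver source. Every type, constant and function name in it is a hypothetical stand-in, and NULL stands in for the uninitialized pointer so that the "before" path stays well-defined.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's types and ids; not kernel definitions. */
struct regmap_config { int max_register; };
enum { SUBTYPE_1CH, SUBTYPE_2CH };
static const struct regmap_config cfg_1ch = { 0x10 };  /* constructed values */
static const struct regmap_config cfg_2ch = { 0x20 };
static int unset_config_uses;  /* times the init step got an unassigned config */

/* Models the init step that consumes the config; counts the unassigned case. */
static int regmap_init_model(const struct regmap_config *cfg)
{
	if (!cfg) {
		unset_config_uses++;
		return 0;
	}
	return cfg->max_register;
}

/* Before: no default case, so an unknown id reaches the init step unassigned. */
static int assign_chip_model_before(int subvariant_id)
{
	const struct regmap_config *regmap = NULL;  /* uninitialized in the bug */
	switch (subvariant_id) {
	case SUBTYPE_1CH: regmap = &cfg_1ch; break;
	case SUBTYPE_2CH: regmap = &cfg_2ch; break;
	}
	return regmap_init_model(regmap);
}

/* After: an unknown id returns -EINVAL before the config is ever used. */
static int assign_chip_model_after(int subvariant_id)
{
	const struct regmap_config *regmap;
	switch (subvariant_id) {
	case SUBTYPE_1CH: regmap = &cfg_1ch; break;
	case SUBTYPE_2CH: regmap = &cfg_2ch; break;
	default: return -EINVAL;
	}
	return regmap_init_model(regmap);
}

int main(void)
{
	int before = assign_chip_model_before(-EINVAL);
	int after = assign_chip_model_after(-EINVAL);
	printf("before: ret=%d unset uses=%d; after: ret=%d\n", before, unset_config_uses, after);
	return 0;
}
```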
Potential Impact
For European organizations, the impact of CVE-2022-49507 depends largely on the deployment of Linux systems utilizing the da9121 regulator driver, which is typically found in embedded devices or specialized hardware rather than general-purpose servers or desktops. If exploited, this vulnerability could lead to kernel crashes or denial of service (DoS) conditions, potentially disrupting critical services or embedded system operations. While it does not directly enable privilege escalation or remote code execution, the instability caused could be leveraged in multi-stage attacks or cause operational outages. Organizations relying on embedded Linux devices in industrial control systems, telecommunications infrastructure, or IoT deployments may face increased risk. The vulnerability's exploitation requires invalid device tree configurations, which might be introduced via misconfiguration or malicious firmware updates. Therefore, the threat is more pronounced in environments where device firmware or kernel modules are updated without strict validation. The absence of known exploits reduces immediate risk, but the potential for DoS and system instability warrants attention, especially in sectors where embedded Linux devices are critical to operations.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Ensure all Linux kernel instances running on embedded or specialized hardware are updated to versions containing the fix for CVE-2022-49507. This involves applying the latest stable kernel patches or vendor-provided updates that address the da9121_assign_chip_model() error handling.
2) Audit device tree source (DTS) configurations for the da9121 device to confirm validity and prevent invalid subvariant_id assignments. Implement strict validation and testing of DTS files before deployment.
3) Restrict firmware and kernel module updates to trusted sources with cryptographic verification to prevent injection of malformed configurations that could trigger this vulnerability.
4) Monitor kernel logs for KASAN or slab-out-of-bounds warnings related to regmap or da9121 during device probing, which may indicate exploitation attempts or misconfiguration.
5) For organizations deploying embedded Linux devices at scale, integrate automated configuration management and continuous integration testing to detect and prevent invalid device tree configurations.
6) Engage with hardware vendors to confirm whether their devices include the affected driver and request patched firmware or kernel versions if necessary.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.587Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5c6b
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 5:10:06 PM
Last updated: 8/4/2025, 2:36:27 AM