CVE-2022-49515: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:13:43 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t

The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined in the array otp_map_1/2[CS35L41_NUM_OTP_ELEM], this will trigger UBSAN to report a shift-out-of-bounds warning in the cs35l41_otp_unpack() since the last entry in the array will result in GENMASK(-1, 0).

UBSAN reports this problem:

  UBSAN: shift-out-of-bounds in /home/hwang4/build/jammy/jammy/sound/soc/codecs/cs35l41-lib.c:836:8
  shift exponent 64 is too large for 64-bit type 'long unsigned int'
  CPU: 10 PID: 595 Comm: systemd-udevd Not tainted 5.15.0-23-generic #23
  Hardware name: LENOVO \x02MFG_IN_GO/\x02MFG_IN_GO, BIOS N3GET19W (1.00 ) 03/11/2022
  Call Trace:
  <TASK>
  show_stack+0x52/0x58
  dump_stack_lvl+0x4a/0x5f
  dump_stack+0x10/0x12
  ubsan_epilogue+0x9/0x45
  __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
  ? regmap_unlock_mutex+0xe/0x10
  cs35l41_otp_unpack.cold+0x1c6/0x2b2 [snd_soc_cs35l41_lib]
  cs35l41_hda_probe+0x24f/0x33a [snd_hda_scodec_cs35l41]
  cs35l41_hda_i2c_probe+0x65/0x90 [snd_hda_scodec_cs35l41_i2c]
  ? cs35l41_hda_i2c_remove+0x20/0x20 [snd_hda_scodec_cs35l41_i2c]
  i2c_device_probe+0x252/0x2b0

AI-Powered Analysis

Last updated: 06/30/2025, 17:25:28 UTC

Technical Analysis

CVE-2022-49515 is a vulnerability identified in the Linux kernel specifically related to the ASoC (ALSA System on Chip) driver for the Cirrus Logic CS35L41 audio amplifier codec. The issue arises from an out-of-bounds access in the otp_packed_element_t structure due to a mismatch between the defined number of OTP (One-Time Programmable) elements and the actual array size. The constant CS35L41_NUM_OTP_ELEM is set to 100, but only 99 entries are defined in the otp_map_1 and otp_map_2 arrays. This discrepancy causes the last array access to exceed its bounds, triggering Undefined Behavior Sanitizer (UBSAN) warnings about a shift-out-of-bounds operation. Specifically, the problem manifests as a shift exponent of 64 being too large for a 64-bit unsigned long integer type, leading to potential memory corruption or unexpected behavior during the OTP unpacking process in the cs35l41_otp_unpack() function. The vulnerability is triggered during the probing of the CS35L41 codec via the I2C interface, which is part of the sound subsystem initialization. Although no known exploits are reported in the wild, this flaw could cause kernel crashes or unpredictable behavior, potentially leading to denial of service or privilege escalation if exploited in a crafted environment. The root cause is a coding error in the Linux kernel driver, and it has been addressed by correcting the array size or bounds checking in the relevant source files. The vulnerability affects Linux kernel versions containing the faulty driver code prior to the patch. No CVSS score has been assigned yet, and no direct evidence of exploitation exists at this time.
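The mechanism described above, as an added example that is neither the kernel's code nor the upstream patch: a scaled-down model (4 declared slots, 3 initialised) showing how the zero-filled last entry turns GENMASK(size - 1, 0) into a shift by the full type width, next to one way to harden it. The struct layout, array contents and helper names are assumptions made for illustration; only the shift expression follows the kernel's GENMASK macro.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG ((int)(sizeof(unsigned long) * CHAR_BIT))
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Simplified stand-in for the driver's packed OTP element (assumed layout). */
struct otp_elem { unsigned int reg; unsigned char shift; unsigned char size; };

/* Scaled-down model of the bug: 4 slots declared, 3 initialised (the page's
 * case is 100 declared, 99 defined). Slot 3 is zero-filled, so its size is 0. */
#define NUM_ELEM 4
static const struct otp_elem map_declared[NUM_ELEM] = {
    { 0x0000, 0, 8 }, { 0x0004, 8, 4 }, { 0x0008, 12, 1 },
};

/* Hardened form: the initialiser list decides the length, no spare slot. */
static const struct otp_elem map_sized[] = {
    { 0x0000, 0, 8 }, { 0x0004, 8, 4 }, { 0x0008, 12, 1 },
};

/* Right-shift count that GENMASK(size - 1, 0) applies to ~0UL. */
static int genmask_shift(int size) { return BITS_PER_LONG - 1 - (size - 1); }

/* Mask of the low `size` bits without an undefined shift; 0 for an empty field. */
static unsigned long field_mask(int size)
{
    return (size <= 0 || size > BITS_PER_LONG) ? 0 : ~0UL >> genmask_shift(size);
}

/* Count entries whose size would make GENMASK shift by an invalid amount. */
static size_t count_bad(const struct otp_elem *m, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        int s = genmask_shift(m[i].size);
        bad += (s < 0 || s >= BITS_PER_LONG);
    }
    return bad;
}

int main(void)
{
    printf("declared: %zu bad (last shift %d), sized: %zu bad, mask(8)=%#lx\n",
           count_bad(map_declared, NUM_ELEM), genmask_shift(map_declared[NUM_ELEM - 1].size),
           count_bad(map_sized, ARRAY_SIZE(map_sized)), field_mask(8));
    return 0;
}
```

The example never performs the oversized shift itself; it only computes the exponent, which on a 64-bit build is the value 64 seen in the UBSAN report.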

Potential Impact

For European organizations, the impact of CVE-2022-49515 is primarily related to system stability and potential denial of service on devices running vulnerable Linux kernels with the CS35L41 codec driver enabled. This includes laptops, desktops, and embedded systems that utilize this specific audio codec hardware. While the vulnerability does not currently have known exploits, the out-of-bounds access could be leveraged by a local attacker or malicious software to cause kernel panics or crashes, disrupting business operations. In environments where Linux is used extensively, such as in servers, workstations, or IoT devices, this could lead to downtime or degraded service availability. Confidentiality and integrity impacts are less likely unless combined with other vulnerabilities, but the risk of privilege escalation cannot be entirely ruled out if an attacker can trigger the bug in a controlled manner. European organizations with hardware from manufacturers using the CS35L41 codec, particularly in sectors like manufacturing, telecommunications, or government where Linux-based systems are prevalent, should be aware of this vulnerability. The absence of known exploits reduces immediate risk, but proactive patching is recommended to maintain security posture.

Mitigation Recommendations

To mitigate CVE-2022-49515, organizations should:

1) Apply the latest Linux kernel updates that include the fix for this vulnerability, ensuring the patched driver code is deployed.
2) Audit systems to identify devices using the CS35L41 codec and verify kernel versions to prioritize patching.
3) For embedded or custom Linux distributions, rebuild kernels with the corrected driver source code or disable the CS35L41 driver if the hardware is not in use.
4) Implement kernel hardening measures such as enabling kernel address space layout randomization (KASLR) and kernel page-table isolation (KPTI) to reduce exploitation risk.
5) Monitor system logs for UBSAN or kernel warnings related to shift-out-of-bounds or cs35l41_otp_unpack errors as indicators of attempted exploitation or instability.
6) Restrict local user access where possible to limit the ability to trigger the vulnerability.
7) Engage with hardware vendors to confirm firmware compatibility with updated drivers and coordinate patch deployment.

These steps go beyond generic advice by focusing on hardware-specific identification, kernel configuration, and monitoring tailored to this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.587Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5c8d

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 5:25:28 PM

Last updated: 8/14/2025, 7:42:54 AM
