CVE-2022-49032

unknown

Published — · Modified —

CVSS v3

—

CVSS v2

—

VIR risk

—

Description

In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw The array size of afe4404_channel_leds and afe4404_channel_offdacs are less than channels, so access with chan->address cause OOB read in afe4404_[read|write]_raw. Fix it by moving access before use them.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-49032

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-49032.html

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2022-49032 NameCVE-2022-49032 DescriptionIn the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info…

CVE-2022-49032

Name	CVE-2022-49032
Description	In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read\|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw The array size of afe4404_channel_leds and afe4404_channel_offdacs are less than channels, so access with chan->address cause OOB read in afe4404_[read\|write]_raw. Fix it by moving access before use them.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.257-1	fixed
	bookworm	6.1.170-3	fixed
	bookworm (security)	6.1.172-1	fixed
	trixie	6.12.86-1	fixed
	trixie (security)	6.12.90-1	fixed
	forky	7.0.9-1	fixed
	sid	7.0.10-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
linux	source	bullseye	5.10.158-1
linux	source	(unstable)	6.0.12-1

Notes

https://git.kernel.org/linus/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b (6.1-rc7)

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

https://git.kernel.org/linus/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b (6.1-rc7)

OS impact

OS	Version	Status	Fixed in
sles		affected
debian	bookworm	fixed	`6.0.12-1`
debian	bullseye	fixed	`5.10.158-1`
debian	forky	fixed	`6.0.12-1`
debian	sid	fixed	`6.0.12-1`
debian	trixie	fixed	`6.0.12-1`

References

Verify integrity in audit chain (admin only). AS-IS.