{"id":"CVE-2022-49551","summary":"usb: isp1760: Fix out-of-bounds array access","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: isp1760: Fix out-of-bounds array access\n\nRunning the driver through kasan gives an interesting splat:\n\n  BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c\n  Read of size 20 at addr f1db2e64 by task swapper/0/1\n  (...)\n  isp1760_register from isp1760_plat_probe+0x1d8/0x220\n  (...)\n\nThis happens because the loop reading the regmap fields for the\ndifferent ISP1760 variants look like this:\n\n  for (i = 0; i \u003c HC_FIELD_MAX; i++) { ... }\n\nMeaning it expects the arrays to be at least HC_FIELD_MAX - 1 long.\n\nHowever the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[],\nisp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are\ndynamically sized during compilation.\n\nFix this by putting an empty assignment to the [HC_FIELD_MAX]\nand [DC_FIELD_MAX] array member at the end of each array.\nThis will make the array one member longer than it needs to be,\nbut avoids the risk of overwriting whatever is inside\n[HC_FIELD_MAX - 1] and is simple and intuitive to read. Also\nadd comments explaining what is going on.","modified":"2026-04-02T08:27:42.068125Z","published":"2025-02-26T02:14:01.196Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49551.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/26ae2c942b5702f2e43d36b2a4389cfb7d616b6a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/463bddd3ff1acf4036ddb80c34a715eb99debf46"},{"type":"WEB","url":"https://git.kernel.org/stable/c/47d39cb57e8669e507d17d9e0d067d2b3e3a87ae"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bf2558bbdce3ab1d6bcba09f354914e4515d0a2b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49551.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49551"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da9e1c06873350c99ba49a052f92de85f2c69f2"},{"fixed":"bf2558bbdce3ab1d6bcba09f354914e4515d0a2b"},{"fixed":"47d39cb57e8669e507d17d9e0d067d2b3e3a87ae"},{"fixed":"463bddd3ff1acf4036ddb80c34a715eb99debf46"},{"fixed":"26ae2c942b5702f2e43d36b2a4389cfb7d616b6a"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49551.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}