From: "Geoffrey D. Bennett" g@b4.vu
stable inclusion from stable-v5.15.148 commit e517645ead5ea22c69d2a44694baa23fe1ce7c2b category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q9ID CVE: CVE-2023-52674
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit 04f8f053252b86c7583895c962d66747ecdc61b7 ]
Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_values[].
Signed-off-by: Geoffrey D. Bennett g@b4.vu Fixes: 9e4d5c1be21f ("ALSA: usb-audio: Scarlett Gen 2 mixer interface") Link: https://lore.kernel.org/r/3b19fb3da641b587749b85fe1daa1b4e696c0c1b.170300105... Signed-off-by: Takashi Iwai tiwai@suse.de Signed-off-by: Sasha Levin sashal@kernel.org
Conflicts: sound/usb/mixer_scarlett_gen2.c [Some context inconsistencies exist in the scarlett2_mixer_ctl_put function, which does not affect the patch] Signed-off-by: Felix Fu fuzhen5@huawei.com --- sound/usb/mixer_scarlett_gen2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/usb/mixer_scarlett_gen2.c b/sound/usb/mixer_scarlett_gen2.c index 1b7c7b754c38..6b7c8b8d7111 100644 --- a/sound/usb/mixer_scarlett_gen2.c +++ b/sound/usb/mixer_scarlett_gen2.c @@ -1509,7 +1509,8 @@ static int scarlett2_mixer_ctl_put(struct snd_kcontrol *kctl, mutex_lock(&private->data_mutex);
oval = private->mix[elem->control]; - val = ucontrol->value.integer.value[0]; + val = clamp(ucontrol->value.integer.value[0], + 0L, (long)SCARLETT2_MIXER_MAX_VALUE); num_mixer_in = ports[SCARLETT2_PORT_TYPE_MIX].num[SCARLETT2_PORT_OUT]; mix_num = elem->control / num_mixer_in;