Description
In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode Commit faa87ce9196d ("regmap-irq: Introduce config registers for irq types") added the num_config_regs, then commit 9edd4f5aee84 ("regmap-irq: Deprecate type registers and virtual registers") suggested to replace num_type_reg with it. However, regmap_add_irq_chip_fwnode wasn't modified to use the new property. Later on, commit 255a03bb1bb3 ("ASoC: wcd9335: Convert irq chip to config regs") removed the old num_type_reg property from the WCD9335 driver's struct regmap_irq_chip, causing a null pointer dereference in regmap_irq_set_type when it tried to index d->type_buf as it was never allocated in regmap_add_irq_chip_fwnode: [ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 39.200006] Call trace: [ 39.200014] regmap_irq_set_type+0x84/0x1c0 [ 39.200026] __irq_set_trigger+0x60/0x1c0 [ 39.200040] __setup_irq+0x2f4/0x78c [ 39.200051] request_threaded_irq+0xe8/0x1a0 Use num_config_regs in regmap_add_irq_chip_fwnode instead of num_type_reg, and fall back to it if num_config_regs isn't defined to maintain backward compatibility.
Product status
faa87ce9196dbb074d75bd4aecb8bacf18f19b4e (git) before 57bb34330c0fc70bb4ab96399a3c1b80e73e9d49
faa87ce9196dbb074d75bd4aecb8bacf18f19b4e (git) before 961db32e52f4d34a9a95939a30393fd190397f84
faa87ce9196dbb074d75bd4aecb8bacf18f19b4e (git) before 84498d1fb35de6ab71bdfdb6270a464fb4a0951b
6.0
Any version before 6.0
6.0.16 (semver)
6.1.2 (semver)
6.2 (original_commit_for_fix)
References
git.kernel.org/...c/57bb34330c0fc70bb4ab96399a3c1b80e73e9d49
git.kernel.org/...c/961db32e52f4d34a9a95939a30393fd190397f84
git.kernel.org/...c/84498d1fb35de6ab71bdfdb6270a464fb4a0951b
