In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: sof-nau8825: fix module alias overflow
The maximum name length for a platform_device_id entry is 20 characters
including the trailing NUL byte. The sof_nau8825.c file exceeds that,
which causes an obscure error message:
sound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: illegal
character encoding in string literal [-Werror,-Winvalid-source-encoding]
MODULE_ALIAS(“platform:adl_max98373_nau8825<U+0018><AA>”);
^~~~
include/linux/module.h:168:49: note: expanded from macro ‘MODULE_ALIAS’
^~~~~~
include/linux/module.h:165:56: note: expanded from macro ‘MODULE_INFO’
^~~~
include/linux/moduleparam.h:26:47: note: expanded from macro
‘__MODULE_INFO’
= __MODULE_INFO_PREFIX __stringify(tag) “=” info
I could not figure out how to make the module handling robust enough
to handle this better, but as a quick fix, using slightly shorter
names that are still unique avoids the build issue.
git.kernel.org/linus/3e78986a840d59dd27e636eae3f52dc11125c835 (6.2-rc4)
git.kernel.org/stable/c/3e78986a840d59dd27e636eae3f52dc11125c835
git.kernel.org/stable/c/fba1b23befd88366fe646787b3797e64d7338fd2
launchpad.net/bugs/cve/CVE-2022-48889
nvd.nist.gov/vuln/detail/CVE-2022-48889
security-tracker.debian.org/tracker/CVE-2022-48889
www.cve.org/CVERecord?id=CVE-2022-48889