| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024022657-CVE-2019-25160-e487@gregkh> Date: Mon, 26 Feb 2024 18:20:57 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2019-25160: netlabel: fix out-of-bounds memory accesses Description =========== In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8. The Linux kernel CVE team has assigned CVE-2019-25160 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 3.16.66 with commit 97bc3683c249 Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 3.18.137 with commit c61d01faa555 Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.4.177 with commit dc18101f95fa Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.9.163 with commit 1c973f9c7cc2 Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.14.106 with commit fcfe700acdc1 Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.19.28 with commit e3713abc4248 Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.20.15 with commit fbf9578919d6 Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 5.0 with commit 5578de4834fe Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2019-25160 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/ipv4/cipso_ipv4.c net/netlabel/netlabel_kapi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272 https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950 https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000 https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba641383f6c78 https://git.kernel.org/stable/c/5578de4834fe0f2a34fedc7374be691443396d1f
Powered by blists - more mailing lists