Message-ID: <2024062000-CVE-2022-48732-9d9b@gregkh>
Date: Thu, 20 Jun 2024 13:16:12 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix off by one in BIOS boundary checking

Bounds checking when parsing init scripts embedded in the BIOS rejects
access to the last byte. This causes driver initialization to fail on
Apple eMacs with GeForce 2 MX GPUs, leaving the system with no working
console.

This is probably only seen on OpenFirmware machines like PowerPC Macs
because the BIOS image provided by OF is only the used parts of the ROM,
not power-of-two blocks read from PCI directly, so PCs always have
empty bytes at the end that are never accessed.

The Linux kernel CVE team has assigned CVE-2022-48732 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 4.9.300 with commit d4b746e60fd8
	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 4.14.265 with commit 909d3ec1bf9f
	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 4.19.228 with commit b2a21669ee98
	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.4.178 with commit acc887ba8833
	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.10.99 with commit f071d9fa8575
	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.15.22 with commit d877e814a62b
	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.16.8 with commit e7c36fa8a1e6
	Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.17 with commit 1b777d4d9e38

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48732
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad
	https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
	https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882
	https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c
	https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73
	https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06
	https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369
	https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a
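
The class of bug in the description above, as an added illustration that is not the kernel's code and not part of the original message: a bounds check that rejects an access ending exactly at the end of an image. `struct image`, `read8` and the sample bytes are hypothetical and constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a firmware image: `size` valid bytes at `data`. */
struct image {
    const uint8_t *data;
    uint32_t size;
};

/* Off-by-one: an access whose end equals the image size is treated as out of bounds. */
static bool in_bounds_off_by_one(const struct image *img, uint32_t addr, uint32_t len)
{
    return !((uint64_t)addr + len >= img->size);
}

/* Corrected: [addr, addr + len) is valid when addr + len <= size.
 * The sum is done in 64 bits so a huge addr cannot wrap past the check. */
static bool in_bounds_fixed(const struct image *img, uint32_t addr, uint32_t len)
{
    return (uint64_t)addr + len <= img->size;
}

/* Read one byte through the selected check; returns -1 when the check rejects it. */
static int read8(const struct image *img, uint32_t addr, bool fixed)
{
    bool ok = fixed ? in_bounds_fixed(img, addr, 1)
                    : in_bounds_off_by_one(img, addr, 1);
    return ok ? img->data[addr] : -1;
}

/* Constructed sample: image trimmed to its used bytes, so the last byte matters. */
static const uint8_t trimmed_rom[4] = { 0x55, 0xAA, 0x10, 0x71 };
static const struct image trimmed = { trimmed_rom, sizeof(trimmed_rom) };

/* Constructed sample: same content padded to a power-of-two block. */
static const uint8_t padded_rom[8] = { 0x55, 0xAA, 0x10, 0x71, 0, 0, 0, 0 };
static const struct image padded = { padded_rom, sizeof(padded_rom) };

int main(void)
{
    printf("trimmed, old check, last byte: %d\n", read8(&trimmed, 3, false));
    printf("trimmed, new check, last byte: %d\n", read8(&trimmed, 3, true));
    printf("padded,  old check, same byte: %d\n", read8(&padded, 3, false));
    printf("trimmed, new check, one past:  %d\n", read8(&trimmed, 4, true));
    return 0;
}
```

The padded image hides the defect because the last meaningful byte is never the last byte of the buffer, which matches the description's explanation of why PCs are unaffected.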
