| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024062000-CVE-2022-48732-9d9b@gregkh> Date: Thu, 20 Jun 2024 13:16:12 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console. This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed. The Linux kernel CVE team has assigned CVE-2022-48732 to this issue. Affected and fixed versions =========================== Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 4.9.300 with commit d4b746e60fd8 Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 4.14.265 with commit 909d3ec1bf9f Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 4.19.228 with commit b2a21669ee98 Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.4.178 with commit acc887ba8833 Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.10.99 with commit f071d9fa8575 Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.15.22 with commit d877e814a62b Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.16.8 with commit e7c36fa8a1e6 Issue introduced in 4.8 with commit 4d4e9907ff57 and fixed in 5.17 with commit 1b777d4d9e38 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48732 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2 https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882 https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73 https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06 https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369 https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a
Powered by blists - more mailing lists