| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024071621-CVE-2022-48837-9325@gregkh> Date: Tue, 16 Jul 2024 14:27:22 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48837: usb: gadget: rndis: prevent integer overflow in rndis_set_response() Description =========== In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow. The Linux kernel CVE team has assigned CVE-2022-48837 to this issue. Affected and fixed versions =========================== Issue introduced in 4.9.302 with commit ff0a90739925 and fixed in 4.9.308 with commit 8b3e4d26bc9c Issue introduced in 4.14.267 with commit 4c22fbcef778 and fixed in 4.14.273 with commit c7953cf03a26 Issue introduced in 4.19.230 with commit db9aaa302629 and fixed in 4.19.236 with commit 138d4f739b35 Issue introduced in 5.4.180 with commit c9e952871ae4 and fixed in 5.4.187 with commit 218293762683 Issue introduced in 5.10.101 with commit fb4ff0f96de3 and fixed in 5.10.108 with commit 28bc0267399f Issue introduced in 5.15.24 with commit 2da3b0ab54fb and fixed in 5.15.31 with commit 56b38e3ca406 Issue introduced in 5.16.10 with commit 2724ebafda0a and fixed in 5.16.17 with commit df7e088d51cd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48837 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/gadget/function/rndis.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b https://git.kernel.org/stable/c/c7953cf03a26876d676145ce5d2ae6d8c9630b90 https://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7 https://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e https://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65 https://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c https://git.kernel.org/stable/c/df7e088d51cdf78b1a0bf1f3d405c2593295c7b0 https://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa
Powered by blists - more mailing lists