| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024082210-CVE-2022-48900-c15e@gregkh> Date: Thu, 22 Aug 2024 11:31:01 +0800 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48900: xen/netfront: react properly to failing gnttab_end_foreign_access_ref() Description =========== In the Linux kernel, the following vulnerability has been resolved: xen/netfront: react properly to failing gnttab_end_foreign_access_ref() When calling gnttab_end_foreign_access_ref() the returned value must be tested and the reaction to that value should be appropriate. In case of failure in xennet_get_responses() the reaction should not be to crash the system, but to disable the network device. The calls in setup_netfront() can be replaced by calls of gnttab_end_foreign_access(). While at it avoid double free of ring pages and grant references via xennet_disconnect_backend() in this case. This is CVE-2022-23042 / part of XSA-396. --- V2: - avoid double free V3: - remove pointless initializer (Jan Beulich) The Linux kernel CVE team has assigned CVE-2022-48900 to this issue. Affected and fixed versions =========================== Fixed in 4.9.306 with commit c4497b057b14 Fixed in 4.14.271 with commit 1b9f4115738a Fixed in 4.19.234 with commit c307029d811e Fixed in 5.4.184 with commit 0e35f3ab69bc Fixed in 5.10.105 with commit 206c8e271ba2 Fixed in 5.15.28 with commit dea18aef2021 Fixed in 5.16.14 with commit 34630641e955 Fixed in 5.17 with commit 66e3531b33ee Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48900 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/xen-netfront.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c4497b057b14274e159434f0ed70439a21f3d2a9 https://git.kernel.org/stable/c/1b9f4115738af90427a8c94a3980bc52fbb23296 https://git.kernel.org/stable/c/c307029d811e03546d18d0e512fe295b3103b8e5 https://git.kernel.org/stable/c/0e35f3ab69bcb01fdbf5aadc78f1731778963b1c https://git.kernel.org/stable/c/206c8e271ba2630f1d809123945d9c428f93b0f0 https://git.kernel.org/stable/c/dea18aef2021022a568f4d385a1386f51a9df6ff https://git.kernel.org/stable/c/34630641e955f23ae06db178822d99d0a9d89b20 https://git.kernel.org/stable/c/66e3531b33ee51dad17c463b4d9c9f52e341503d
Powered by blists - more mailing lists