| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024102152-CVE-2022-49010-f8e1@gregkh> Date: Mon, 21 Oct 2024 22:06:42 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49010: hwmon: (coretemp) Check for null before removing sysfs attrs Description =========== In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that will crash in sysfs_remove_group(). [Shortened for readability] [91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label' <cpu offline> [91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188 [91855.165103] #PF: supervisor read access in kernel mode [91855.194506] #PF: error_code(0x0000) - not-present page [91855.224445] PGD 0 P4D 0 [91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI ... [91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80 ... [91855.796571] Call Trace: [91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp] [91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp] [91855.871107] cpuhp_invoke_callback+0x105/0x4b0 [91855.893432] cpuhp_thread_fun+0x8e/0x150 ... Fix this by checking for NULL first. The Linux kernel CVE team has assigned CVE-2022-49010 to this issue. Affected and fixed versions =========================== Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 4.9.335 with commit fb503d077ff7 Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 4.14.301 with commit 070d5ea4a059 Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 4.19.268 with commit 280110db1a7d Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 5.4.226 with commit 89eecabe6a47 Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 5.10.158 with commit f06e0cd01eab Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 5.15.82 with commit 7692700ac818 Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 6.0.12 with commit ae6c8b6e5d56 Issue introduced in 3.0 with commit 199e0de7f5df and fixed in 6.1 with commit a89ff5f5cc64 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49010 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hwmon/coretemp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99 https://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f https://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c https://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653 https://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b https://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16 https://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b https://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a
Powered by blists - more mailing lists