| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024102156-CVE-2022-49031-5b75@gregkh> Date: Mon, 21 Oct 2024 22:07:03 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49031: iio: health: afe4403: Fix oob read in afe4403_read_raw Description =========== In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace: afe4403_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4403_channel_leds+0x18/0xffffffffffffe9e0 This issue can be reproduced by singe command: $ cat /sys/bus/spi/devices/spi0.0/iio\:device0/in_intensity6_raw The array size of afe4403_channel_leds is less than channels, so access with chan->address cause OOB read in afe4403_read_raw. Fix it by moving access before use it. The Linux kernel CVE team has assigned CVE-2022-49031 to this issue. Affected and fixed versions =========================== Issue introduced in 4.8 with commit b36e8257641a and fixed in 4.9.335 with commit 98afcb5f3be6 Issue introduced in 4.8 with commit b36e8257641a and fixed in 4.14.301 with commit c9268df36818 Issue introduced in 4.8 with commit b36e8257641a and fixed in 4.19.268 with commit 726fa3e4ab97 Issue introduced in 4.8 with commit b36e8257641a and fixed in 5.4.226 with commit 2d6a437064ff Issue introduced in 4.8 with commit b36e8257641a and fixed in 5.10.158 with commit b1756af172fb Issue introduced in 4.8 with commit b36e8257641a and fixed in 5.15.82 with commit e7e76a77aabe Issue introduced in 4.8 with commit b36e8257641a and fixed in 6.0.12 with commit 06c6ce21cec7 Issue introduced in 4.8 with commit b36e8257641a and fixed in 6.1 with commit 58143c1ed588 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49031 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/iio/health/afe4403.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0 https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9 https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867 https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9
Powered by blists - more mailing lists