| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122424-CVE-2024-53145-1a25@gregkh> Date: Tue, 24 Dec 2024 12:29:25 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-53145: um: Fix potential integer overflow during physmem setup Description =========== In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386. The Linux kernel CVE team has assigned CVE-2024-53145 to this issue. Affected and fixed versions =========================== Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 5.4.287 with commit 5c710f45811e7e2bfcf703980c306f19c7e1ecfe Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 5.10.231 with commit e6102b72edc4eb8c0858df00ba74b5ce579c8fa2 Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 5.15.174 with commit 1bd118c5f887802cef2d9ba0d1917258667f1cae Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 6.1.120 with commit 1575df968650d11771359e5ac78278c5b0cc19f3 Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 6.6.64 with commit a875c023155ea92b75d6323977003e64d92ae7fc Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 6.11.11 with commit d1a211e5210d31da8f49fc0021bf7129b726468c Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 6.12.2 with commit a9c95f787b88b29165563fd97761032db77116e7 Issue introduced in 4.1 with commit fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 and fixed in 6.13-rc1 with commit a98b7761f697e590ed5d610d87fa12be66f23419 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-53145 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/um/kernel/physmem.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2 https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3 https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db77116e7 https://git.kernel.org/stable/c/a98b7761f697e590ed5d610d87fa12be66f23419
Powered by blists - more mailing lists