| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022650-CVE-2022-49046-9186@gregkh> Date: Wed, 26 Feb 2025 02:54:11 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49046: i2c: dev: check return value when calling dev_set_name() Description =========== In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check return value when calling dev_set_name() If dev_set_name() fails, the dev_name() is null, check the return value of dev_set_name() to avoid the null-ptr-deref. The Linux kernel CVE team has assigned CVE-2022-49046 to this issue. Affected and fixed versions =========================== Issue introduced in 5.7 with commit 1413ef638abae4ab5621901cf4d8ef08a4a48ba6 and fixed in 5.15.35 with commit 2f345bb14ad4744950499ff222e2899209297afa Issue introduced in 5.7 with commit 1413ef638abae4ab5621901cf4d8ef08a4a48ba6 and fixed in 5.17.4 with commit c74d77a2d07744147d734138acd6ce9dba715e5d Issue introduced in 5.7 with commit 1413ef638abae4ab5621901cf4d8ef08a4a48ba6 and fixed in 5.18 with commit 993eb48fa199b5f476df8204e652eff63dd19361 Issue introduced in 4.4.225 with commit 1c1b4327970c79c1a2d0c3becfc12b9696177c55 Issue introduced in 4.9.225 with commit c0d34399045609eda76882fa6d01fdfaf5b20d38 Issue introduced in 4.14.182 with commit f1f3b4150baf7c3aa6b4e6b81b8ff1909996d507 Issue introduced in 4.19.125 with commit a612c4ece2eb757011ae88a8410b48e523220b8d Issue introduced in 5.4.43 with commit 1bed86cfe5cb4529d036a14980d379aee8539982 Issue introduced in 5.6.15 with commit 8a231148135d2d08a3ef721d438cd468ea4209d2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49046 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/i2c/i2c-dev.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2f345bb14ad4744950499ff222e2899209297afa https://git.kernel.org/stable/c/c74d77a2d07744147d734138acd6ce9dba715e5d https://git.kernel.org/stable/c/993eb48fa199b5f476df8204e652eff63dd19361
Powered by blists - more mailing lists