| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022630-CVE-2022-49273-61de@gregkh> Date: Wed, 26 Feb 2025 02:57:58 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49273: rtc: pl031: fix rtc features null pointer dereference Description =========== In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: fix rtc features null pointer dereference When there is no interrupt line, rtc alarm feature is disabled. The clearing of the alarm feature bit was being done prior to allocations of ldata->rtc device, resulting in a null pointer dereference. Clear RTC_FEATURE_ALARM after the rtc device is allocated. The Linux kernel CVE team has assigned CVE-2022-49273 to this issue. Affected and fixed versions =========================== Issue introduced in 5.12 with commit d9b0dd54a1943f47a381a474f8ea2c94466110c0 and fixed in 5.15.33 with commit cd2722e411e8ab7e5ae41102f6925fa13dffdac5 Issue introduced in 5.12 with commit d9b0dd54a1943f47a381a474f8ea2c94466110c0 and fixed in 5.16.19 with commit d274ce4a3dfd0b9a292667535578359b865765cb Issue introduced in 5.12 with commit d9b0dd54a1943f47a381a474f8ea2c94466110c0 and fixed in 5.17.2 with commit 1b915703964f7e636961df04c540261dc55c6c70 Issue introduced in 5.12 with commit d9b0dd54a1943f47a381a474f8ea2c94466110c0 and fixed in 5.18 with commit ea6af39f3da50c86367a71eb3cc674ade3ed244c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49273 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/rtc/rtc-pl031.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cd2722e411e8ab7e5ae41102f6925fa13dffdac5 https://git.kernel.org/stable/c/d274ce4a3dfd0b9a292667535578359b865765cb https://git.kernel.org/stable/c/1b915703964f7e636961df04c540261dc55c6c70 https://git.kernel.org/stable/c/ea6af39f3da50c86367a71eb3cc674ade3ed244c
Powered by blists - more mailing lists