| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022608-CVE-2022-49145-3c50@gregkh> Date: Wed, 26 Feb 2025 02:55:50 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49145: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data Description =========== In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/ The Linux kernel CVE team has assigned CVE-2022-49145 to this issue. Affected and fixed versions =========================== Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 4.9.311 with commit b3f15609ffa521de12244cd6af24002030dda3f5 Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 4.14.276 with commit d208ea44e25b31db5a4d5e8c31df51787a3e9303 Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 4.19.238 with commit 28d5387c1994f5e1e0d41b30a1f3dd6e1f609252 Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 5.4.189 with commit cb249f8c00f40dba83b7da8207ac14ca46e9ec9e Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 5.10.110 with commit e5b681822cac1f8093759b02e16c06b2c64b6788 Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 5.15.33 with commit 97b5593fd1b182b3fdb180b6bbe64ec09669988b Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 5.16.19 with commit b80b19b32a432c9eee1cd200ef7aaddf608f54d1 Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 5.17.2 with commit d7339f2a3938fb56b5f28d53f5345900b5fa0e74 Issue introduced in 4.4 with commit 337aadff8e4567e39669e07d9a88b789d78458b5 and fixed in 5.18 with commit 40d8abf364bcab23bc715a9221a3c8623956257b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49145 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/acpi/cppc_acpi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b3f15609ffa521de12244cd6af24002030dda3f5 https://git.kernel.org/stable/c/d208ea44e25b31db5a4d5e8c31df51787a3e9303 https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252 https://git.kernel.org/stable/c/cb249f8c00f40dba83b7da8207ac14ca46e9ec9e https://git.kernel.org/stable/c/e5b681822cac1f8093759b02e16c06b2c64b6788 https://git.kernel.org/stable/c/97b5593fd1b182b3fdb180b6bbe64ec09669988b https://git.kernel.org/stable/c/b80b19b32a432c9eee1cd200ef7aaddf608f54d1 https://git.kernel.org/stable/c/d7339f2a3938fb56b5f28d53f5345900b5fa0e74 https://git.kernel.org/stable/c/40d8abf364bcab23bc715a9221a3c8623956257b
Powered by blists - more mailing lists