| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022657-CVE-2022-49083-34be@gregkh>
Date: Wed, 26 Feb 2025 02:54:48 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49083: iommu/omap: Fix regression in probe for NULL pointer dereference
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
iommu/omap: Fix regression in probe for NULL pointer dereference
Commit 3f6634d997db ("iommu: Use right way to retrieve iommu_ops") started
triggering a NULL pointer dereference for some omap variants:
__iommu_probe_device from probe_iommu_group+0x2c/0x38
probe_iommu_group from bus_for_each_dev+0x74/0xbc
bus_for_each_dev from bus_iommu_probe+0x34/0x2e8
bus_iommu_probe from bus_set_iommu+0x80/0xc8
bus_set_iommu from omap_iommu_init+0x88/0xcc
omap_iommu_init from do_one_initcall+0x44/0x24
This is caused by omap iommu probe returning 0 instead of ERR_PTR(-ENODEV)
as noted by Jason Gunthorpe <jgg@...pe.ca>.
Looks like the regression already happened with an earlier commit
6785eb9105e3 ("iommu/omap: Convert to probe/release_device() call-backs")
that changed the function return type and missed converting one place.
The Linux kernel CVE team has assigned CVE-2022-49083 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.8 with commit 6785eb9105e3363aa51408c700a55e8b5f88fcf6 and fixed in 5.10.111 with commit bd905fed87ce01ac010011bb8f44ed0140116ceb
Issue introduced in 5.8 with commit 6785eb9105e3363aa51408c700a55e8b5f88fcf6 and fixed in 5.15.34 with commit 47e239117bd97c8556f9187af7a9a7938db4e021
Issue introduced in 5.8 with commit 6785eb9105e3363aa51408c700a55e8b5f88fcf6 and fixed in 5.16.20 with commit ea518578aa8a9a0280605b53cc33f707e10c8178
Issue introduced in 5.8 with commit 6785eb9105e3363aa51408c700a55e8b5f88fcf6 and fixed in 5.17.3 with commit 1d89f2b9eadbcf3ce93c6d7238f68299a1f84968
Issue introduced in 5.8 with commit 6785eb9105e3363aa51408c700a55e8b5f88fcf6 and fixed in 5.18 with commit 71ff461c3f41f6465434b9e980c01782763e7ad8
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49083
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/iommu/omap-iommu.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/bd905fed87ce01ac010011bb8f44ed0140116ceb
https://git.kernel.org/stable/c/47e239117bd97c8556f9187af7a9a7938db4e021
https://git.kernel.org/stable/c/ea518578aa8a9a0280605b53cc33f707e10c8178
https://git.kernel.org/stable/c/1d89f2b9eadbcf3ce93c6d7238f68299a1f84968
https://git.kernel.org/stable/c/71ff461c3f41f6465434b9e980c01782763e7ad8
Powered by blists - more mailing lists