Message-ID: <2025022600-CVE-2022-49098-9755@gregkh>
Date: Wed, 26 Feb 2025 02:55:03 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49098: Drivers: hv: vmbus: Fix potential crash on module unload

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Fix potential crash on module unload

The vmbus driver relies on the panic notifier infrastructure to perform
some operations when a panic event is detected. Since vmbus can be built
as module, it is required that the driver handles both registering and
unregistering such panic notifier callback.

After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback")
though, the panic notifier registration is done unconditionally in the module
initialization routine whereas the unregistering procedure is conditionally
guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability
is set.

This patch fixes that by unconditionally unregistering the panic notifier
in the module's exit routine as well.

The Linux kernel CVE team has assigned CVE-2022-49098 to this issue.

Affected and fixed versions
===========================

Issue introduced in 4.19.118 with commit 5e059fc0f054309036d3f612bc8b0a502ca58545 and fixed in 4.19.238 with commit 6b4c0149a56147b29169e07000d566162892722a
Issue introduced in 5.4.35 with commit 9f38f7b46de0747c1909e8c557aa21715dce20c5 and fixed in 5.4.189 with commit 2133c422a103cf7c7768c37b9ac382e73b691892
Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.10.111 with commit cf580d2e3884dbafd6b90269b03a24d661578624
Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.15.34 with commit dcd6b1a624c0ffa21034d8b1e02e9d068458f596
Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.16.20 with commit 5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2
Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.17.3 with commit 3d0078f8bddd58d9bb1ad40bbe929f8633abb276
Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.18 with commit 792f232d57ff28bbd5f9c4abe0466b23d5879dc8
Issue introduced in 5.6.7 with commit caeeb3787167c884b955404a7e669fd77f267e44

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49098
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/hv/vmbus_drv.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/6b4c0149a56147b29169e07000d566162892722a
https://git.kernel.org/stable/c/2133c422a103cf7c7768c37b9ac382e73b691892
https://git.kernel.org/stable/c/cf580d2e3884dbafd6b90269b03a24d661578624
https://git.kernel.org/stable/c/dcd6b1a624c0ffa21034d8b1e02e9d068458f596
https://git.kernel.org/stable/c/5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2
https://git.kernel.org/stable/c/3d0078f8bddd58d9bb1ad40bbe929f8633abb276
https://git.kernel.org/stable/c/792f232d57ff28bbd5f9c4abe0466b23d5879dc8
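
The register/unregister mismatch from the Description, as an added user-space model in C. This is not the kernel's code or part of the announcement; every name in it is hypothetical, and the "capability" flag stands in for HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model only: all names here are illustrative, not kernel symbols. */
struct notifier { bool owner_loaded; struct notifier *next; };

static struct notifier *panic_chain;   /* stands in for the panic notifier list */
static struct notifier vmbus_nb;       /* lives in "module" memory */

static void chain_register(struct notifier *n)
{
    n->next = panic_chain;
    panic_chain = n;
}

static void chain_unregister(struct notifier *n)
{
    for (struct notifier **p = &panic_chain; *p; p = &(*p)->next)
        if (*p == n) { *p = n->next; return; }
}

/* Module init: registration is unconditional, as the description states. */
static void model_init(void)
{
    vmbus_nb.owner_loaded = true;
    chain_register(&vmbus_nb);
}

/* Module exit. fixed=false models the guarded unregister; fixed=true the patch. */
static void model_exit(bool crash_msr_available, bool fixed)
{
    if (fixed || crash_msr_available)
        chain_unregister(&vmbus_nb);
    vmbus_nb.owner_loaded = false;     /* module memory is released here */
}

/* Load, unload, then walk the chain as a panic would. Each entry whose owner
 * is gone would be a call through a dangling pointer in a real kernel. */
int stale_after_unload(bool crash_msr_available, bool fixed)
{
    int stale = 0;
    panic_chain = NULL;
    model_init();
    model_exit(crash_msr_available, fixed);
    for (struct notifier *n = panic_chain; n; n = n->next)
        if (!n->owner_loaded) stale++;
    return stale;
}
```

Only the pre-fix exit path with the capability clear leaves an entry on the chain after unload; the other three combinations leave it empty.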