| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022622-CVE-2022-49229-2c2e@gregkh> Date: Wed, 26 Feb 2025 02:57:14 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49229: ptp: unregister virtual clocks when unregistering physical clock. Description =========== In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual clocks, unregister the virtual clocks with it. This fixes the following oops, which can be triggered by unloading a driver providing a PTP clock when it has enabled virtual clocks: BUG: unable to handle page fault for address: ffffffffc04fc4d8 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:ptp_vclock_read+0x31/0xb0 Call Trace: timecounter_read+0xf/0x50 ptp_vclock_refresh+0x2c/0x50 ? ptp_clock_release+0x40/0x40 ptp_aux_kworker+0x17/0x30 kthread_worker_fn+0x9b/0x240 ? kthread_should_park+0x30/0x30 kthread+0xe2/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 The Linux kernel CVE team has assigned CVE-2022-49229 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit 73f37068d540eba5f93ba3a0019bf479d35ebd76 and fixed in 5.15.33 with commit b2dea2a696d09163da4cd33cb598ce1f73e86597 Issue introduced in 5.14 with commit 73f37068d540eba5f93ba3a0019bf479d35ebd76 and fixed in 5.16.19 with commit 9c796a57cbb5daf124a665689f0b2bc9262e0ced Issue introduced in 5.14 with commit 73f37068d540eba5f93ba3a0019bf479d35ebd76 and fixed in 5.17.2 with commit c49eafe6249f844c26f9866886cc6719d81762df Issue introduced in 5.14 with commit 73f37068d540eba5f93ba3a0019bf479d35ebd76 and fixed in 5.18 with commit bfcbb76b0f595ea9ede9f7a218086fef85242f10 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49229 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/ptp/ptp_clock.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b2dea2a696d09163da4cd33cb598ce1f73e86597 https://git.kernel.org/stable/c/9c796a57cbb5daf124a665689f0b2bc9262e0ced https://git.kernel.org/stable/c/c49eafe6249f844c26f9866886cc6719d81762df https://git.kernel.org/stable/c/bfcbb76b0f595ea9ede9f7a218086fef85242f10
Powered by blists - more mailing lists