Message-ID: <2025022625-CVE-2022-49298-bc33@gregkh>
Date: Wed, 26 Feb 2025 03:00:30 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49298: staging: rtl8712: fix uninit-value in r871xu_drv_init()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8712: fix uninit-value in r871xu_drv_init()
When 'tmpU1b' returned from r8712_read8(padapter, EE_9346CR) is 0,
'mac[6]' will not be initialized.
BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
kthread+0x3c7/0x500 kernel/kthread.c:377
ret_from_fork+0x1f/0x30
Local variable mac created at:
r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
The Linux kernel CVE team has assigned CVE-2022-49298 to this issue.
Affected and fixed versions
===========================
Fixed in 4.9.318 with commit 0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
Fixed in 4.14.283 with commit 277faa442fe0c59f418ac53f47a78e1266addd65
Fixed in 4.19.247 with commit a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
Fixed in 5.4.198 with commit 52a0d88c328098b4e9fb8f2f3877fec0eff4104b
Fixed in 5.10.122 with commit ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
Fixed in 5.15.47 with commit f36e754a1f0bafb9feeea63463de78080acb6de0
Fixed in 5.17.15 with commit 76a964ad0ea8f2b10abd69a7532e174a28258283
Fixed in 5.18.4 with commit 70df04433fd351ba72bc635bd0b5fe443d9ac964
Fixed in 5.19 with commit 0458e5428e5e959d201a40ffe71d762a79ecedc4
Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49298
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/staging/rtl8712/usb_intf.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65
https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b
https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0
https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283
https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964
https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4