| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022658-CVE-2022-49444-ff21@gregkh>
Date: Wed, 26 Feb 2025 03:11:58 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49444: module: fix [e_shstrndx].sh_size=0 OOB access
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
module: fix [e_shstrndx].sh_size=0 OOB access
It is trivial to craft a module to trigger OOB access in this line:
if (info->secstrings[strhdr->sh_size - 1] != '\0') {
BUG: unable to handle page fault for address: ffffc90000aa0fff
PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014
RIP: 0010:load_module+0x19b/0x2391
[rebased patch onto modules-next]
The Linux kernel CVE team has assigned CVE-2022-49444 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.12 with commit ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 and fixed in 5.15.54 with commit 09cb6663618a74fe5572a4931ecbf098832e79ec
Issue introduced in 5.12 with commit ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 and fixed in 5.17.14 with commit 921630e2e5124a04158129a8f22f4b425e61a858
Issue introduced in 5.12 with commit ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 and fixed in 5.18.3 with commit 45a76414b6d8b8b39c23fea53b9d20e831ae72a0
Issue introduced in 5.12 with commit ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 and fixed in 5.19 with commit 391e982bfa632b8315235d8be9c0a81374c6a19c
Issue introduced in 5.4.110 with commit 05d891e76dde3e430c707dae7d85139794eeadbd
Issue introduced in 5.10.26 with commit d802672c7f00963613f289579073ac519f0d306c
Issue introduced in 5.11.3 with commit 214aa69cac91a723239118bbbfe77d5654ddff6b
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49444
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/module/main.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/09cb6663618a74fe5572a4931ecbf098832e79ec
https://git.kernel.org/stable/c/921630e2e5124a04158129a8f22f4b425e61a858
https://git.kernel.org/stable/c/45a76414b6d8b8b39c23fea53b9d20e831ae72a0
https://git.kernel.org/stable/c/391e982bfa632b8315235d8be9c0a81374c6a19c
Powered by blists - more mailing lists