| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022603-CVE-2022-49472-eeea@gregkh> Date: Wed, 26 Feb 2025 03:12:26 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49472: net: phy: micrel: Allow probing without .driver_data Description =========== In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the phy_driver structure and the .driver_data is not, a NULL pointer dereference happens. Allow passing .probe without .driver_data by inserting NULL checks for priv->type. The Linux kernel CVE team has assigned CVE-2022-49472 to this issue. Affected and fixed versions =========================== Fixed in 4.14.283 with commit 7dcb404662839a4ed1a9703658fee979eb894ca4 Fixed in 4.19.247 with commit 91e720b32cba25fa58eaa4c88fe957009cffe9f3 Fixed in 5.4.198 with commit 1e5fbfc2a6f384e3195446c14bbd3bc298eb88c2 Fixed in 5.10.121 with commit abb5594ae2ba7b82cce85917cc6337ec5d774837 Fixed in 5.15.46 with commit 660dfa033ccc9afb032015b6dc76e846bba42cfb Fixed in 5.17.14 with commit 143878e18001c5a61fcc7ae5c5240323753bb641 Fixed in 5.18.3 with commit bd219273b4e004a3f853da72e111fc8f81357501 Fixed in 5.19 with commit f2ef6f7539c68c6bd6c32323d8845ee102b7c450 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49472 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/phy/micrel.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4 https://git.kernel.org/stable/c/91e720b32cba25fa58eaa4c88fe957009cffe9f3 https://git.kernel.org/stable/c/1e5fbfc2a6f384e3195446c14bbd3bc298eb88c2 https://git.kernel.org/stable/c/abb5594ae2ba7b82cce85917cc6337ec5d774837 https://git.kernel.org/stable/c/660dfa033ccc9afb032015b6dc76e846bba42cfb https://git.kernel.org/stable/c/143878e18001c5a61fcc7ae5c5240323753bb641 https://git.kernel.org/stable/c/bd219273b4e004a3f853da72e111fc8f81357501 https://git.kernel.org/stable/c/f2ef6f7539c68c6bd6c32323d8845ee102b7c450
Powered by blists - more mailing lists