| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022659-CVE-2022-49451-5d2f@gregkh> Date: Wed, 26 Feb 2025 03:12:05 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49451: firmware: arm_scmi: Fix list protocols enumeration in the base protocol Description =========== In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix list protocols enumeration in the base protocol While enumerating protocols implemented by the SCMI platform using BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is currently validated in an improper way since the check employs a sum between unsigned integers that could overflow and cause the check itself to be silently bypassed if the returned value 'loop_num_ret' is big enough. Fix the validation avoiding the addition. The Linux kernel CVE team has assigned CVE-2022-49451 to this issue. Affected and fixed versions =========================== Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 4.19.247 with commit 444a2d27fe9867d0da4b28fc45b793f32e099ab8 Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.4.198 with commit b0e4bafac8963c2d85ee18d3d01f393735acceec Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.10.121 with commit 1052f22e127d0c34c3387bb389424ba1c61491ff Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.15.46 with commit 98342148a8cd242855d7e257f298c966c96dba9f Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.17.14 with commit 6e7978695f4a6cbd83616b5a702b77fa2087b247 Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.18.3 with commit 2ccfcd7a09c826516edcfe464b05071961aada3f Issue introduced in 4.17 with commit b6f20ff8bd94ad34032804a60bab5ee56752007e and fixed in 5.19 with commit 8009120e0354a67068e920eb10dce532391361d0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49451 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/firmware/arm_scmi/base.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/444a2d27fe9867d0da4b28fc45b793f32e099ab8 https://git.kernel.org/stable/c/b0e4bafac8963c2d85ee18d3d01f393735acceec https://git.kernel.org/stable/c/1052f22e127d0c34c3387bb389424ba1c61491ff https://git.kernel.org/stable/c/98342148a8cd242855d7e257f298c966c96dba9f https://git.kernel.org/stable/c/6e7978695f4a6cbd83616b5a702b77fa2087b247 https://git.kernel.org/stable/c/2ccfcd7a09c826516edcfe464b05071961aada3f https://git.kernel.org/stable/c/8009120e0354a67068e920eb10dce532391361d0
Powered by blists - more mailing lists