| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022619-CVE-2022-49642-dbbe@gregkh> Date: Wed, 26 Feb 2025 03:23:25 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49642: net: stmmac: dwc-qos: Disable split header for Tegra194 Description =========== In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194 where random system crashes have been observed [0]. The problem occurs when the split header feature is enabled in the stmmac driver. In the bad case, a larger than expected buffer length is received and causes the calculation of the total buffer length to overflow. This results in a very large buffer length that causes the kernel to crash. Why this larger buffer length is received is not clear, however, the feedback from the NVIDIA design team is that the split header feature is not supported for Tegra194. Therefore, disable split header support for Tegra194 to prevent these random crashes from occurring. [0] https://lore.kernel.org/linux-tegra/b0b17697-f23e-8fa5-3757-604a86f3a095@nvidia.com/ The Linux kernel CVE team has assigned CVE-2022-49642 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.4.207 with commit 2968830c9b47ce093237483c6207c61065712386 Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.10.132 with commit 9cc8edc571b871d974b3289868553f9ce544aba6 Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.15.56 with commit d5c315a787652c35045044877a249f7d5c8a4104 Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.18.13 with commit cfa4caf3e881ad6dd366c903c34f1c7f21b857ab Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.19 with commit 029c1c2059e9c4b38f97a06204cdecd10cfbeb8a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49642 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/stmicro/stmmac/dwmac-dwc-qos-eth.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2968830c9b47ce093237483c6207c61065712386 https://git.kernel.org/stable/c/9cc8edc571b871d974b3289868553f9ce544aba6 https://git.kernel.org/stable/c/d5c315a787652c35045044877a249f7d5c8a4104 https://git.kernel.org/stable/c/cfa4caf3e881ad6dd366c903c34f1c7f21b857ab https://git.kernel.org/stable/c/029c1c2059e9c4b38f97a06204cdecd10cfbeb8a
Powered by blists - more mailing lists