| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022624-CVE-2022-49672-e5ec@gregkh> Date: Wed, 26 Feb 2025 03:23:55 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49672: net: tun: unlink NAPI from device on destruction Description =========== In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device destruction. NAPIs live in struct tun_file which can get destroyed before the netdev so we have to del them explicitly. The current code is missing deleting the NAPI if the queue was detached first. The Linux kernel CVE team has assigned CVE-2022-49672 to this issue. Affected and fixed versions =========================== Issue introduced in 4.15 with commit 943170998b200190f99d3fe7e771437e2c51f319 and fixed in 4.19.251 with commit 82e729aee59acefe135fceffadcbc5b86dd4f1b9 Issue introduced in 4.15 with commit 943170998b200190f99d3fe7e771437e2c51f319 and fixed in 5.4.204 with commit a8cf919022373c97a84fe596bbea544f909c485d Issue introduced in 4.15 with commit 943170998b200190f99d3fe7e771437e2c51f319 and fixed in 5.10.129 with commit bec1be0a745ab420718217e3e0d9542a75108989 Issue introduced in 4.15 with commit 943170998b200190f99d3fe7e771437e2c51f319 and fixed in 5.15.53 with commit 8145f77d38de4f88b8a69e1463f5c09ba189d77c Issue introduced in 4.15 with commit 943170998b200190f99d3fe7e771437e2c51f319 and fixed in 5.18.10 with commit 8661d4b8faa2f7ee7a559969c0a7c57f077b1728 Issue introduced in 4.15 with commit 943170998b200190f99d3fe7e771437e2c51f319 and fixed in 5.19 with commit 3b9bc84d311104906d2b4995a9a02d7b7ddab2db Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49672 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/tun.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/82e729aee59acefe135fceffadcbc5b86dd4f1b9 https://git.kernel.org/stable/c/a8cf919022373c97a84fe596bbea544f909c485d https://git.kernel.org/stable/c/bec1be0a745ab420718217e3e0d9542a75108989 https://git.kernel.org/stable/c/8145f77d38de4f88b8a69e1463f5c09ba189d77c https://git.kernel.org/stable/c/8661d4b8faa2f7ee7a559969c0a7c57f077b1728 https://git.kernel.org/stable/c/3b9bc84d311104906d2b4995a9a02d7b7ddab2db
Powered by blists - more mailing lists