| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022632-CVE-2022-49720-b0a8@gregkh> Date: Wed, 26 Feb 2025 03:24:43 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49720: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() Description =========== In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long unsigned int [512]' Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e dump_stack+0x10/0x12 ubsan_epilogue+0x9/0x3b __ubsan_handle_out_of_bounds.cold+0x44/0x49 blk_mq_alloc_request_hctx+0x304/0x310 __nvme_submit_sync_cmd+0x70/0x200 [nvme_core] nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics] nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop] nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop] nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics] nvmf_dev_write+0xae/0x111 [nvme_fabrics] vfs_write+0x144/0x560 ksys_write+0xb7/0x140 __x64_sys_write+0x42/0x50 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae The Linux kernel CVE team has assigned CVE-2022-49720 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit 20e4d813931961fe26d26a1e98b3aba6ec00b130 and fixed in 5.10.124 with commit 7fa28a7c3d74933a4fc22d341b60927952f31c19 Issue introduced in 4.16 with commit 20e4d813931961fe26d26a1e98b3aba6ec00b130 and fixed in 5.15.49 with commit b5e65ef044d627effdc2599040b6d204e003f955 Issue introduced in 4.16 with commit 20e4d813931961fe26d26a1e98b3aba6ec00b130 and fixed in 5.18.6 with commit b202a0bd2580ee5b0453772c46d464152fafff73 Issue introduced in 4.16 with commit 20e4d813931961fe26d26a1e98b3aba6ec00b130 and fixed in 5.19 with commit 14dc7a18abbe4176f5626c13c333670da8e06aa1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49720 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: block/blk-mq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341b60927952f31c19 https://git.kernel.org/stable/c/b5e65ef044d627effdc2599040b6d204e003f955 https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c46d464152fafff73 https://git.kernel.org/stable/c/14dc7a18abbe4176f5626c13c333670da8e06aa1
Powered by blists - more mailing lists