| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022650-CVE-2022-49044-43d1@gregkh> Date: Wed, 26 Feb 2025 02:54:09 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49044: dm integrity: fix memory corruption when tag_size is less than digest size Description =========== In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_shash_final. Fix this corruption by increasing the tags array so that it has enough padding at the end to accomodate the loop in integrity_recalc() being able to write a full digest size for the last member of the tags array. The Linux kernel CVE team has assigned CVE-2022-49044 to this issue. Affected and fixed versions =========================== Fixed in 4.19.240 with commit 6a95d91c0b315c965198f6ab7dec7c94129e17e0 Fixed in 5.4.190 with commit 7f84c937222944c03f4615ca4742df6bed0e5adf Fixed in 5.10.112 with commit cd02b2687d66f0a8e716384de4b9a0671331f1dc Fixed in 5.15.35 with commit 6b4bf97587ef6c1927a78934b700204920655123 Fixed in 5.17.4 with commit 4d485cf9b609709e45d5113e6e2b1b01254b2fe9 Fixed in 5.18 with commit 08c1af8f1c13bbf210f1760132f4df24d0ed46d6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49044 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/dm-integrity.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0 https://git.kernel.org/stable/c/7f84c937222944c03f4615ca4742df6bed0e5adf https://git.kernel.org/stable/c/cd02b2687d66f0a8e716384de4b9a0671331f1dc https://git.kernel.org/stable/c/6b4bf97587ef6c1927a78934b700204920655123 https://git.kernel.org/stable/c/4d485cf9b609709e45d5113e6e2b1b01254b2fe9 https://git.kernel.org/stable/c/08c1af8f1c13bbf210f1760132f4df24d0ed46d6
Powered by blists - more mailing lists