| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050114-CVE-2022-49768-d9af@gregkh> Date: Thu, 1 May 2025 16:09:18 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49768: 9p: trans_fd/p9_conn_cancel: drop client lock earlier From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: 9p: trans_fd/p9_conn_cancel: drop client lock earlier syzbot reported a double-lock here and we no longer need this lock after requests have been moved off to local list: just drop the lock earlier. The Linux kernel CVE team has assigned CVE-2022-49768 to this issue. Affected and fixed versions =========================== Fixed in 4.9.334 with commit 82825dbf393f7c7979d462f9609a15bde8092b3f Fixed in 4.14.300 with commit e3031280fe4eaf61a09e60823331f81f321be8e1 Fixed in 4.19.267 with commit fec1406f5e7ab20b71f6d231792b0040e3300aaf Fixed in 5.4.225 with commit 96760723aae1b45f733f702abb4333137143909f Fixed in 5.10.156 with commit f14858bc77c567e089965962877ee726ffad0556 Fixed in 5.15.80 with commit a4f1a01b2e81378fce9ca528d4d8a049e4b58fcd Fixed in 6.0.10 with commit 612c977f5d481f551d03d83d0aef588845c1300c Fixed in 6.1 with commit 52f1c45dde9136f964d63a77d19826c8a74e2c7f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49768 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/9p/trans_fd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/82825dbf393f7c7979d462f9609a15bde8092b3f https://git.kernel.org/stable/c/e3031280fe4eaf61a09e60823331f81f321be8e1 https://git.kernel.org/stable/c/fec1406f5e7ab20b71f6d231792b0040e3300aaf https://git.kernel.org/stable/c/96760723aae1b45f733f702abb4333137143909f https://git.kernel.org/stable/c/f14858bc77c567e089965962877ee726ffad0556 https://git.kernel.org/stable/c/a4f1a01b2e81378fce9ca528d4d8a049e4b58fcd https://git.kernel.org/stable/c/612c977f5d481f551d03d83d0aef588845c1300c https://git.kernel.org/stable/c/52f1c45dde9136f964d63a77d19826c8a74e2c7f
Powered by blists - more mailing lists