| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061823-CVE-2022-49987-1daa@gregkh> Date: Wed, 18 Jun 2025 13:00:52 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49987: md: call __md_stop_writes in md_stop From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop >>From the link [1], we can see raid1d was running even after the path raid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid to fix the KASAN issue. [1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a The Linux kernel CVE team has assigned CVE-2022-49987 to this issue. Affected and fixed versions =========================== Issue introduced in 4.12 with commit 48df498daf62e1292868005675331929305067f0 and fixed in 4.14.292 with commit 1678ca35b80a94d474fdc31e2497ce5d7ed52512 Issue introduced in 4.12 with commit 48df498daf62e1292868005675331929305067f0 and fixed in 4.19.257 with commit 690b5c90fd2d81fd1d2b6110fa36783232f6dce2 Issue introduced in 4.12 with commit 48df498daf62e1292868005675331929305067f0 and fixed in 5.4.212 with commit 8e7fb19f1a744fd34e982633ced756fee0498ef7 Issue introduced in 4.12 with commit 48df498daf62e1292868005675331929305067f0 and fixed in 5.10.140 with commit a5a58fab556bfe618b4c9719eb85712d78c6cb10 Issue introduced in 4.12 with commit 48df498daf62e1292868005675331929305067f0 and fixed in 5.15.64 with commit 661c01b2181d9413c799127f13143583b69f20fd Issue introduced in 4.12 with commit 48df498daf62e1292868005675331929305067f0 and fixed in 5.19.6 with commit f42a9819ba84bed2e609a4dff56af37063dcabdc Issue introduced in 4.12 with commit 48df498daf62e1292868005675331929305067f0 and fixed in 6.0 with commit 0dd84b319352bb8ba64752d4e45396d8b13e6018 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49987 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/md.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1678ca35b80a94d474fdc31e2497ce5d7ed52512 https://git.kernel.org/stable/c/690b5c90fd2d81fd1d2b6110fa36783232f6dce2 https://git.kernel.org/stable/c/8e7fb19f1a744fd34e982633ced756fee0498ef7 https://git.kernel.org/stable/c/a5a58fab556bfe618b4c9719eb85712d78c6cb10 https://git.kernel.org/stable/c/661c01b2181d9413c799127f13143583b69f20fd https://git.kernel.org/stable/c/f42a9819ba84bed2e609a4dff56af37063dcabdc https://git.kernel.org/stable/c/0dd84b319352bb8ba64752d4e45396d8b13e6018
Powered by blists - more mailing lists