| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061835-CVE-2022-50022-98b6@gregkh> Date: Wed, 18 Jun 2025 13:01:27 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50022: drivers:md:fix a potential use-after-free bug From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in lines 2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an use-after-free bug. It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of the function. The Linux kernel CVE team has assigned CVE-2022-50022 to this issue. Affected and fixed versions =========================== Fixed in 4.9.326 with commit 7470a4314b239e9a9580f248fdf4c9a92805490e Fixed in 4.14.291 with commit 09cf99bace7789d91caa8d10fbcfc8b2fb35857f Fixed in 4.19.256 with commit e5b3dd2d92c4511e81f6e4ec9c5bb7ad25e03d13 Fixed in 5.4.211 with commit f5d46f1b47f65da1faf468277b261eb78c8e25b5 Fixed in 5.10.138 with commit 5d8325fd15892c8ab1146edc1d7ed8463de39636 Fixed in 5.15.63 with commit d9b94c3ace549433de8a93eeb27b0391fc8ac406 Fixed in 5.19.4 with commit eb3a4f73f43f839df981dda5859e8e075067a360 Fixed in 6.0 with commit 104212471b1c1817b311771d817fb692af983173 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50022 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/raid5.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7470a4314b239e9a9580f248fdf4c9a92805490e https://git.kernel.org/stable/c/09cf99bace7789d91caa8d10fbcfc8b2fb35857f https://git.kernel.org/stable/c/e5b3dd2d92c4511e81f6e4ec9c5bb7ad25e03d13 https://git.kernel.org/stable/c/f5d46f1b47f65da1faf468277b261eb78c8e25b5 https://git.kernel.org/stable/c/5d8325fd15892c8ab1146edc1d7ed8463de39636 https://git.kernel.org/stable/c/d9b94c3ace549433de8a93eeb27b0391fc8ac406 https://git.kernel.org/stable/c/eb3a4f73f43f839df981dda5859e8e075067a360 https://git.kernel.org/stable/c/104212471b1c1817b311771d817fb692af983173
Powered by blists - more mailing lists