| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061847-CVE-2022-50055-67ab@gregkh> Date: Wed, 18 Jun 2025 13:02:00 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50055: iavf: Fix adminq error handling From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Without this change it is possible to see when unloading interface: 74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] One of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent] The Linux kernel CVE team has assigned CVE-2022-50055 to this issue. Affected and fixed versions =========================== Issue introduced in 3.14 with commit d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 and fixed in 5.4.211 with commit ff289f2be5899efd0e897d2b434a78e36df2c69b Issue introduced in 3.14 with commit d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 and fixed in 5.10.138 with commit 4fe80492d53971d9a49f39f3c86d2d67c6f3638a Issue introduced in 3.14 with commit d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 and fixed in 5.15.63 with commit dab6b551f5ba4c79a0dd4970dd8533c37a7b100f Issue introduced in 3.14 with commit d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 and fixed in 5.19.4 with commit 35c63581fdefdcbaeae8cded18908523252353ad Issue introduced in 3.14 with commit d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 and fixed in 6.0 with commit 419831617ed349992c84344dbd9e627f9e68f842 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50055 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/intel/iavf/iavf_adminq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ff289f2be5899efd0e897d2b434a78e36df2c69b https://git.kernel.org/stable/c/4fe80492d53971d9a49f39f3c86d2d67c6f3638a https://git.kernel.org/stable/c/dab6b551f5ba4c79a0dd4970dd8533c37a7b100f https://git.kernel.org/stable/c/35c63581fdefdcbaeae8cded18908523252353ad https://git.kernel.org/stable/c/419831617ed349992c84344dbd9e627f9e68f842
Powered by blists - more mailing lists