| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061815-CVE-2022-50131-4df3@gregkh> Date: Wed, 18 Jun 2025 13:03:16 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50131: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() Smatch Warning: drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() '&mcp->txbuf[5]' too small (59 vs 255) drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf' too small (34 vs 255) The 'len' variable can take a value between 0-255 as it can come from data->block[0] and it is user data. So add an bound check to prevent a buffer overflow in memcpy(). The Linux kernel CVE team has assigned CVE-2022-50131 to this issue. Affected and fixed versions =========================== Issue introduced in 5.7 with commit 67a95c21463d066060b0f66d65a75d45bb386ffb and fixed in 5.10.137 with commit 66c8e816f2f2ca4a61b406503bd10bad1b35f72f Issue introduced in 5.7 with commit 67a95c21463d066060b0f66d65a75d45bb386ffb and fixed in 5.15.61 with commit 91443c669d280937968f0aa4edefa741cfe35314 Issue introduced in 5.7 with commit 67a95c21463d066060b0f66d65a75d45bb386ffb and fixed in 5.18.18 with commit 6402116a7b5ec80fa40fd145a80c813019cd555f Issue introduced in 5.7 with commit 67a95c21463d066060b0f66d65a75d45bb386ffb and fixed in 5.19.2 with commit 3c0f8a59f2cc8841ee6653399a77f4f3e6e9a270 Issue introduced in 5.7 with commit 67a95c21463d066060b0f66d65a75d45bb386ffb and fixed in 6.0 with commit 62ac2473553a00229e67bdf3cb023b62cf7f5a9a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50131 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hid/hid-mcp2221.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/66c8e816f2f2ca4a61b406503bd10bad1b35f72f https://git.kernel.org/stable/c/91443c669d280937968f0aa4edefa741cfe35314 https://git.kernel.org/stable/c/6402116a7b5ec80fa40fd145a80c813019cd555f https://git.kernel.org/stable/c/3c0f8a59f2cc8841ee6653399a77f4f3e6e9a270 https://git.kernel.org/stable/c/62ac2473553a00229e67bdf3cb023b62cf7f5a9a
Powered by blists - more mailing lists