| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061824-CVE-2022-50156-3e2e@gregkh> Date: Wed, 18 Jun 2025 13:03:41 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50156: HID: cp2112: prevent a buffer overflow in cp2112_xfer() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112_xfer() Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'data->block[1]' too small (33 vs 255) drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too small (64 vs 255) The 'read_length' variable is provided by 'data->block[0]' which comes from user and it(read_length) can take a value between 0-255. Add an upper bound to 'read_length' variable to prevent a buffer overflow in memcpy(). The Linux kernel CVE team has assigned CVE-2022-50156 to this issue. Affected and fixed versions =========================== Issue introduced in 4.15 with commit 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 and fixed in 4.19.256 with commit 3af7d60e9a6c17d6d41c4341f8020511887d372d Issue introduced in 4.15 with commit 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 and fixed in 5.4.211 with commit 519ff31a6ddd87aa4905bd9bf3b92e8b88801614 Issue introduced in 4.15 with commit 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 and fixed in 5.10.137 with commit ebda3d6b004bb6127a66a616524a2de152302ca7 Issue introduced in 4.15 with commit 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 and fixed in 5.15.61 with commit 8489a20ac481b08c0391608d81ed3796d373cfdf Issue introduced in 4.15 with commit 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 and fixed in 5.18.18 with commit e7028944e61014ae915e7fb74963d3835f2f761a Issue introduced in 4.15 with commit 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 and fixed in 5.19.2 with commit 26e427ac85c2b8d0d108cc80b6de34d33e2780c4 Issue introduced in 4.15 with commit 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 and fixed in 6.0 with commit 381583845d19cb4bd21c8193449385f3fefa9caf Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50156 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hid/hid-cp2112.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3af7d60e9a6c17d6d41c4341f8020511887d372d https://git.kernel.org/stable/c/519ff31a6ddd87aa4905bd9bf3b92e8b88801614 https://git.kernel.org/stable/c/ebda3d6b004bb6127a66a616524a2de152302ca7 https://git.kernel.org/stable/c/8489a20ac481b08c0391608d81ed3796d373cfdf https://git.kernel.org/stable/c/e7028944e61014ae915e7fb74963d3835f2f761a https://git.kernel.org/stable/c/26e427ac85c2b8d0d108cc80b6de34d33e2780c4 https://git.kernel.org/stable/c/381583845d19cb4bd21c8193449385f3fefa9caf
Powered by blists - more mailing lists