| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061833-CVE-2022-50181-f573@gregkh> Date: Wed, 18 Jun 2025 13:04:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50181: virtio-gpu: fix a missing check to avoid NULL dereference From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. [ kraxel: minor codestyle fixup ] The Linux kernel CVE team has assigned CVE-2022-50181 to this issue. Affected and fixed versions =========================== Issue introduced in 4.4 with commit 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 and fixed in 5.10.137 with commit 259773fc874258606c0121767a4a27466ff337eb Issue introduced in 4.4 with commit 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 and fixed in 5.15.61 with commit 39caef09666c1d8274abf9472c72bcac236dc5fb Issue introduced in 4.4 with commit 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 and fixed in 5.18.18 with commit adbdd21983fa292e53aec3eab97306b2961ea887 Issue introduced in 4.4 with commit 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 and fixed in 5.19.2 with commit 367882a5a9448b5e1ba756125308092d614cb96c Issue introduced in 4.4 with commit 62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 and fixed in 6.0 with commit bd63f11f4c3c46afec07d821f74736161ff6e526 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50181 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/virtio/virtgpu_ioctl.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/259773fc874258606c0121767a4a27466ff337eb https://git.kernel.org/stable/c/39caef09666c1d8274abf9472c72bcac236dc5fb https://git.kernel.org/stable/c/adbdd21983fa292e53aec3eab97306b2961ea887 https://git.kernel.org/stable/c/367882a5a9448b5e1ba756125308092d614cb96c https://git.kernel.org/stable/c/bd63f11f4c3c46afec07d821f74736161ff6e526
Powered by blists - more mailing lists