| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061847-CVE-2022-50222-bb8e@gregkh>
Date: Wed, 18 Jun 2025 13:04:47 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50222: tty: vt: initialize unicode screen buffer
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
tty: vt: initialize unicode screen buffer
syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read
immediately after resize operation. Initialize buffer using kzalloc().
----------
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/fb.h>
int main(int argc, char *argv[])
{
struct fb_var_screeninfo var = { };
const int fb_fd = open("/dev/fb0", 3);
ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);
var.yres = 0x21;
ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);
return read(open("/dev/vcsu", O_RDONLY), &var, sizeof(var)) == -1;
}
----------
The Linux kernel CVE team has assigned CVE-2022-50222 to this issue.
Affected and fixed versions
===========================
Fixed in 4.19.256 with commit e02fa87e572bb7d90dcdbce9c0f519f1eb992e96
Fixed in 5.4.211 with commit cc9e874dace0c89ae535230c7da19b764746811e
Fixed in 5.10.137 with commit 5c6c65681f39bf71bc72ed589dec3b8b20e75cac
Fixed in 5.15.61 with commit 446f123aa6021e5f75a20789f05ff3f7ae51a42f
Fixed in 5.18.18 with commit 777a462e1ae50a01fc4a871efa8e34d596a1e17d
Fixed in 5.19.2 with commit e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def
Fixed in 6.0 with commit af77c56aa35325daa2bc2bed5c2ebf169be61b86
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50222
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/tty/vt/vt.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/e02fa87e572bb7d90dcdbce9c0f519f1eb992e96
https://git.kernel.org/stable/c/cc9e874dace0c89ae535230c7da19b764746811e
https://git.kernel.org/stable/c/5c6c65681f39bf71bc72ed589dec3b8b20e75cac
https://git.kernel.org/stable/c/446f123aa6021e5f75a20789f05ff3f7ae51a42f
https://git.kernel.org/stable/c/777a462e1ae50a01fc4a871efa8e34d596a1e17d
https://git.kernel.org/stable/c/e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def
https://git.kernel.org/stable/c/af77c56aa35325daa2bc2bed5c2ebf169be61b86
Powered by blists - more mailing lists