Message-ID: <2025061812-CVE-2022-49957-8ff2@gregkh>
Date: Wed, 18 Jun 2025 13:00:22 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-49957: kcm: fix strp_init() order and cleanup

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

kcm: fix strp_init() order and cleanup

strp_init() is called just a few lines above this csk->sk_user_data
check, it also initializes strp->work etc., therefore, it is
unnecessary to call strp_done() to cancel the freshly initialized
work.

And if sk_user_data is already used by KCM, psock->strp should not be
touched, particularly strp->work state, so we need to move strp_init()
after the csk->sk_user_data check.

This also makes a lockdep warning reported by syzbot go away.

The Linux kernel CVE team has assigned CVE-2022-49957 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.14.22 with commit 44890e9ff771ef11777b2d1ebf8589255eb12502 and fixed in 4.14.293 with commit 473f394953216614087f4179e55cdf0cf616a13b
	Issue introduced in 4.15 with commit e5571240236c5652f3e079b1d5866716a7ad819c and fixed in 4.19.258 with commit a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8
	Issue introduced in 4.15 with commit e5571240236c5652f3e079b1d5866716a7ad819c and fixed in 5.4.213 with commit 0946ff31d1a8778787bf6708beb20f38715267cc
	Issue introduced in 4.15 with commit e5571240236c5652f3e079b1d5866716a7ad819c and fixed in 5.10.142 with commit 1b6666964ca1de93a7bf06e122bcf3616dbd33a9
	Issue introduced in 4.15 with commit e5571240236c5652f3e079b1d5866716a7ad819c and fixed in 5.15.66 with commit 55fb8c3baa8071c5d533a9ad48624e44e2a04ef5
	Issue introduced in 4.15 with commit e5571240236c5652f3e079b1d5866716a7ad819c and fixed in 5.19.8 with commit f865976baa85915c7672f351b74d5974b93215f6
	Issue introduced in 4.15 with commit e5571240236c5652f3e079b1d5866716a7ad819c and fixed in 6.0 with commit 8fc29ff3910f3af08a7c40a75d436b5720efe2bf
	Issue introduced in 4.9.84 with commit 085cbbda4b4cc7dd2ba63806346881c2c2e10107
	Issue introduced in 4.9.100 with commit 383250363daf01eb7aa3728c09ef8a4f6d8a3252
	Issue introduced in 4.14.41 with commit 19042316b9e12c93bf334a04d4dd7a4e846c7311

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49957
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/kcm/kcmsock.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/473f394953216614087f4179e55cdf0cf616a13b
	https://git.kernel.org/stable/c/a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8
	https://git.kernel.org/stable/c/0946ff31d1a8778787bf6708beb20f38715267cc
	https://git.kernel.org/stable/c/1b6666964ca1de93a7bf06e122bcf3616dbd33a9
	https://git.kernel.org/stable/c/55fb8c3baa8071c5d533a9ad48624e44e2a04ef5
	https://git.kernel.org/stable/c/f865976baa85915c7672f351b74d5974b93215f6
	https://git.kernel.org/stable/c/8fc29ff3910f3af08a7c40a75d436b5720efe2bf
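
Added example (not part of the original announcement or of any kernel.org tooling): a triage helper that encodes the "Affected and fixed versions" list above and reports whether an upstream kernel release string falls in an affected range. It assumes kernel.org version numbering; vendor kernels that backport fixes under an older version number cannot be judged this way, and the function names are hypothetical.

```python
import re

# Transcribed from the "Affected and fixed versions" list in this announcement.
# Stable branch -> (first affected patch level, first fixed patch level or None).
STABLE = {
    (4, 9): (84, None),    # introduced in 4.9.84, no fixed release listed
    (4, 14): (22, 293),    # introduced in 4.14.22, fixed in 4.14.293
    (4, 19): (0, 258),     # inherits the 4.15 introduction, fixed in 4.19.258
    (5, 4): (0, 213),
    (5, 10): (0, 142),
    (5, 15): (0, 66),
    (5, 19): (0, 8),
}
MAINLINE_INTRODUCED = (4, 15)   # "Issue introduced in 4.15"
MAINLINE_FIXED = (6, 0)         # "fixed in 6.0"


def parse_release(release):
    """Turn a `uname -r` style string such as '5.15.60-generic' into ints."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)


def is_affected(release):
    """True if the upstream version lies in a range listed for CVE-2022-49957."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in STABLE:
        first_bad, first_fixed = STABLE[branch]
        return patch >= first_bad and (first_fixed is None or patch < first_fixed)
    # Branches with no listed backport: affected if they sit between the
    # mainline introduction and the mainline fix.
    return MAINLINE_INTRODUCED <= branch < MAINLINE_FIXED


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the announcement.
    for rel in ("4.14.21", "4.19.257", "5.15.66", "5.17.3", "6.1.20-amd64"):
        print(f"{rel:15} {'AFFECTED' if is_affected(rel) else 'not affected'}")
```

The table reflects this message as sent; the CVE record linked above is the place to check for later backports before relying on a "not affected" result.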
