| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091554-CVE-2022-50325-d6bb@gregkh> Date: Mon, 15 Sep 2025 16:49:02 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50325: ASoC: Intel: avs: Fix potential RX buffer overflow From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential RX buffer overflow If an event caused firmware to return invalid RX size for LARGE_CONFIG_GET, memcpy_fromio() could end up copying too many bytes. Fix by utilizing min_t(). The Linux kernel CVE team has assigned CVE-2022-50325 to this issue. Affected and fixed versions =========================== Issue introduced in 5.18 with commit f14a1c5a9f830025dc8638303ddefd5f731ae4bc and fixed in 6.0.16 with commit ec1f0c12cb2e614c3fa8e9402f7ffcf82166078a Issue introduced in 5.18 with commit f14a1c5a9f830025dc8638303ddefd5f731ae4bc and fixed in 6.1.2 with commit 0bad12fee5ae16ab439d97c66c4238f5f4cc7f68 Issue introduced in 5.18 with commit f14a1c5a9f830025dc8638303ddefd5f731ae4bc and fixed in 6.2 with commit 23ae34e033b2c0e5e88237af82b163b296fd6aa9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50325 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/soc/intel/avs/ipc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ec1f0c12cb2e614c3fa8e9402f7ffcf82166078a https://git.kernel.org/stable/c/0bad12fee5ae16ab439d97c66c4238f5f4cc7f68 https://git.kernel.org/stable/c/23ae34e033b2c0e5e88237af82b163b296fd6aa9
Powered by blists - more mailing lists