Message-ID: <2025091557-CVE-2022-50299-9449@gregkh>
Date: Mon, 15 Sep 2025 16:46:01 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50299: md: Replace snprintf with scnprintf
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

md: Replace snprintf with scnprintf

Current code produces a warning as shown below when total characters
in the constituent block device names plus the slashes exceeds 200.
snprintf() returns the number of characters generated from the given
input, which could cause the expression "200 - len" to wrap around
to a large positive number. Fix this by using scnprintf() instead,
which returns the actual number of characters written into the buffer.

[ 1513.267938] ------------[ cut here ]------------
[ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510
[ 1513.267944] Modules linked in: <snip>
[ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu
[ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022
[ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510
<-snip->
[ 1513.267982] Call Trace:
[ 1513.267986] snprintf+0x45/0x70
[ 1513.267990] ? disk_name+0x71/0xa0
[ 1513.267993] dump_zones+0x114/0x240 [raid0]
[ 1513.267996] ? _cond_resched+0x19/0x40
[ 1513.267998] raid0_run+0x19e/0x270 [raid0]
[ 1513.268000] md_run+0x5e0/0xc50
[ 1513.268003] ? security_capable+0x3f/0x60
[ 1513.268005] do_md_run+0x19/0x110
[ 1513.268006] md_ioctl+0x195e/0x1f90
[ 1513.268007] blkdev_ioctl+0x91f/0x9f0
[ 1513.268010] block_ioctl+0x3d/0x50
[ 1513.268012] do_vfs_ioctl+0xa9/0x640
[ 1513.268014] ? __fput+0x162/0x260
[ 1513.268016] ksys_ioctl+0x75/0x80
[ 1513.268017] __x64_sys_ioctl+0x1a/0x20
[ 1513.268019] do_syscall_64+0x5e/0x200
[ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9
The Linux kernel CVE team has assigned CVE-2022-50299 to this issue.
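
The return-value difference described above, as an added userspace example that is not code from the kernel or from this announcement: it repeats the accumulate-into-a-200-byte-buffer pattern and reports the size argument the next call would receive. `scnprintf_demo`, `next_size` and the device name are assumptions made for the illustration; the loop guard is added so the demo never makes the out-of-range call itself.

```c
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define LINE_SZ 200 /* buffer size named in the description */

/* Userspace stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored (excluding the NUL), never more than size - 1. */
static int scnprintf_demo(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Joins ndev copies of name with '/' and returns the size argument the next
 * call would receive, i.e. "200 - len" converted to size_t. */
static size_t next_size(const char *name, int ndev, int use_scnprintf)
{
    char line[LINE_SZ];
    int len = 0;

    for (int k = 0; k < ndev && len < LINE_SZ; k++) {
        /* len < LINE_SZ is a guard added for this demo so that it never
         * makes the out-of-range call itself. */
        if (use_scnprintf)
            len += scnprintf_demo(line + len, LINE_SZ - len, "%s%s", k ? "/" : "", name);
        else
            len += snprintf(line + len, LINE_SZ - len, "%s%s", k ? "/" : "", name);
    }
    return (size_t)(LINE_SZ - len);
}

int main(void)
{
    const char *dev = "nvme0n1p1"; /* constructed 9-character device name */

    printf("snprintf : next size = %zu\n", next_size(dev, 25, 0));
    printf("scnprintf: next size = %zu\n", next_size(dev, 25, 1));
    return 0;
}
```

With 25 names the snprintf() variant ends with `len` at 209, so "200 - len" becomes a size above INT_MAX, while the scnprintf() variant stops at 199 and the remaining size stays at 1.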
Affected and fixed versions
===========================
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 4.14.296 with commit 3b0a2bd51f60418ecd67493586a2bb2174199de3
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 4.19.262 with commit 897b1450abe5a67c842a5d24173ce4449ccdfa94
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 5.4.220 with commit 97238b88583c27c9d3b4a0cedb45f816523f17c3
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 5.10.150 with commit 76694e9ce0b2238c0a5f3ba54f9361dd3770ec78
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 5.15.75 with commit 5d8259c9d1915a50c60c7d6e9e7fb9b7da64a175
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 5.19.17 with commit 41ca95033a0c47cd6dace1f0a36a6eb5ebe799e6
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 6.0.3 with commit f95825c4e51cf9a653b0ef947ac78401fc9d3a40
Issue introduced in 4.10 with commit 766038846e875740cf4c20dfc5d5b292ba47360a and fixed in 6.1 with commit 1727fd5015d8f93474148f94e34cda5aa6ad4a43
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50299
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/md/raid0.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/3b0a2bd51f60418ecd67493586a2bb2174199de3
https://git.kernel.org/stable/c/897b1450abe5a67c842a5d24173ce4449ccdfa94
https://git.kernel.org/stable/c/97238b88583c27c9d3b4a0cedb45f816523f17c3
https://git.kernel.org/stable/c/76694e9ce0b2238c0a5f3ba54f9361dd3770ec78
https://git.kernel.org/stable/c/5d8259c9d1915a50c60c7d6e9e7fb9b7da64a175
https://git.kernel.org/stable/c/41ca95033a0c47cd6dace1f0a36a6eb5ebe799e6
https://git.kernel.org/stable/c/f95825c4e51cf9a653b0ef947ac78401fc9d3a40
https://git.kernel.org/stable/c/1727fd5015d8f93474148f94e34cda5aa6ad4a43