Message-ID: <2025091714-CVE-2022-50356-fe76@gregkh>
Date: Wed, 17 Sep 2025 16:56:15 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50356: net: sched: sfb: fix null pointer access issue when sfb_init() fails
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sfb: fix null pointer access issue when sfb_init() fails
When the default qdisc is sfb, if the qdisc of dev_queue fails to be
initialized during mqprio_init(), sfb_reset() is invoked to clear resources.
In this case, q->qdisc is NULL, and it causes a GPF (general protection fault).
The process is as follows:
qdisc_create_dflt()
    sfb_init()
        tcf_block_get() --->failed, q->qdisc is NULL
    ...
    qdisc_put()
        ...
            sfb_reset()
                qdisc_reset(q->qdisc) --->q->qdisc is NULL
                    ops = qdisc->ops
The following is the Call Trace information:
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
RIP: 0010:qdisc_reset+0x2b/0x6f0
Call Trace:
<TASK>
sfb_reset+0x37/0xd0
qdisc_reset+0xed/0x6f0
qdisc_destroy+0x82/0x4c0
qdisc_put+0x9e/0xb0
qdisc_create_dflt+0x2c3/0x4a0
mqprio_init+0xa71/0x1760
qdisc_create+0x3eb/0x1000
tc_modify_qdisc+0x408/0x1720
rtnetlink_rcv_msg+0x38e/0xac0
netlink_rcv_skb+0x12d/0x3a0
netlink_unicast+0x4a2/0x740
netlink_sendmsg+0x826/0xcc0
sock_sendmsg+0xc5/0x100
____sys_sendmsg+0x583/0x690
___sys_sendmsg+0xe8/0x160
__sys_sendmsg+0xbf/0x160
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f2164122d04
</TASK>
The Linux kernel CVE team has assigned CVE-2022-50356 to this issue.
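The teardown path above, as an added userspace model written for this page (it is not kernel code and not the sfb driver): the structs, qdisc_reset(), qdisc_put() and tcf_block_get() are simplified stand-ins, a flag simulates tcf_block_get() failing, and qdisc_reset() counts a would-be NULL dereference (the load of `qdisc->ops` that faults in the real trace) instead of crashing, so the unpatched and guarded sfb_reset() can be run side by side. The guard shown is a simplified form of the NULL check the fix commits listed under Mitigation add; it is an assumption for illustration, not a copy of the patch.

```c
/* Added model of the sfb/mqprio teardown path for CVE-2022-50356.
 * Not kernel code: names mirror the commit message, behaviour is a sketch. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct Qdisc;
struct Qdisc_ops {
    const char *id;
    int  (*init)(struct Qdisc *sch);
    void (*reset)(struct Qdisc *sch);
    void (*destroy)(struct Qdisc *sch);
};
struct Qdisc {
    const struct Qdisc_ops *ops;
    int refcnt;
    unsigned char priv[64];     /* stand-in for the qdisc_priv() area */
};
struct sfb_sched_data {         /* only the field that matters here */
    struct Qdisc *qdisc;        /* child; NULL until sfb_init() gets past tcf_block_get() */
};

static int null_deref_count;    /* would-be GPFs (stand-in for the KASAN report) */
static int child_reset_count;   /* how often the child qdisc was actually reset */
static int block_get_should_fail;   /* 1: model tcf_block_get() returning an error */
static int guard_in_sfb_reset;      /* 0: unpatched sfb_reset(), 1: NULL-guarded (assumed fix shape) */

static void *qdisc_priv(struct Qdisc *sch) { return sch->priv; }

static struct Qdisc *qdisc_alloc(const struct Qdisc_ops *ops)
{
    struct Qdisc *sch = calloc(1, sizeof(*sch));   /* priv zeroed, so q->qdisc == NULL */
    if (sch) { sch->ops = ops; sch->refcnt = 1; }
    return sch;
}

/* In the kernel the first thing qdisc_reset() does is load qdisc->ops, which is
 * the faulting access when qdisc == NULL. Counted here instead of crashing. */
static void qdisc_reset(struct Qdisc *sch)
{
    if (!sch) { null_deref_count++; return; }
    if (sch->ops->reset) sch->ops->reset(sch);
}

/* qdisc_put() tolerates NULL; on the last reference it resets, destroys, frees. */
static void qdisc_put(struct Qdisc *sch)
{
    if (!sch || --sch->refcnt) return;
    qdisc_reset(sch);
    if (sch->ops->destroy) sch->ops->destroy(sch);
    free(sch);
}

static void leaf_reset(struct Qdisc *sch) { (void)sch; child_reset_count++; }
static const struct Qdisc_ops leaf_ops = { "leaf", NULL, leaf_reset, NULL };

static int tcf_block_get(void) { return block_get_should_fail ? -ENOMEM : 0; }

static int sfb_init(struct Qdisc *sch)
{
    struct sfb_sched_data *q = qdisc_priv(sch);
    int err = tcf_block_get();
    if (err) return err;        /* bail out with q->qdisc still NULL: the reported case */
    q->qdisc = qdisc_alloc(&leaf_ops);
    return q->qdisc ? 0 : -ENOMEM;
}

static void sfb_reset(struct Qdisc *sch)
{
    struct sfb_sched_data *q = qdisc_priv(sch);
    if (guard_in_sfb_reset && !q->qdisc)
        return;                 /* guarded variant: nothing to reset after a failed init */
    qdisc_reset(q->qdisc);      /* unpatched variant reaches here with q->qdisc == NULL */
}

static void sfb_destroy(struct Qdisc *sch)
{
    struct sfb_sched_data *q = qdisc_priv(sch);
    qdisc_put(q->qdisc);        /* NULL-safe, so the destroy step was never the problem */
}
static const struct Qdisc_ops sfb_ops = { "sfb", sfb_init, sfb_reset, sfb_destroy };

/* qdisc_create_dflt(): alloc, init, and on init failure put() -> destroy -> reset. */
static struct Qdisc *qdisc_create_dflt(const struct Qdisc_ops *ops)
{
    struct Qdisc *sch = qdisc_alloc(ops);
    if (sch && ops->init && ops->init(sch)) { qdisc_put(sch); return NULL; }
    return sch;
}

/* Run one scenario; returns the number of would-be NULL dereferences. */
int run_scenario(int block_get_fails, int guarded)
{
    null_deref_count = child_reset_count = 0;
    block_get_should_fail = block_get_fails;
    guard_in_sfb_reset = guarded;
    struct Qdisc *sch = qdisc_create_dflt(&sfb_ops);
    qdisc_put(sch);             /* normal teardown when init succeeded; no-op on NULL */
    return null_deref_count;
}
int child_resets(void) { return child_reset_count; }

int main(void)
{
    printf("unpatched, tcf_block_get() fails: %d NULL deref\n", run_scenario(1, 0));
    printf("guarded,   tcf_block_get() fails: %d NULL deref\n", run_scenario(1, 1));
    int derefs = run_scenario(0, 1);
    printf("guarded,   init ok: %d NULL deref, child reset %d times\n", derefs, child_resets());
    return 0;
}
```

In the successful-init case the child is reset twice: once through sfb_reset() and once more when sfb_destroy() drops the child's last reference, which mirrors how qdisc_destroy() resets before destroying. The point of the model is the failed-init case: the only thing between a harmless early return and the GPF in the trace is whether sfb_reset() checks q->qdisc before handing it to qdisc_reset().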
Affected and fixed versions
===========================
Issue introduced in 2.6.39 with commit e13e02a3c68d899169c78d9a18689bd73491d59a and fixed in 5.10.152 with commit ded86c4191a3c17f8200d17a7d8a6f63b74554ae
Issue introduced in 2.6.39 with commit e13e02a3c68d899169c78d9a18689bd73491d59a and fixed in 5.15.76 with commit c2e1e59d59fafe297779ceae1fe0e6fbebc3e745
Issue introduced in 2.6.39 with commit e13e02a3c68d899169c78d9a18689bd73491d59a and fixed in 6.0.6 with commit 723399af2795fb95687a531c9480464b5f489333
Issue introduced in 2.6.39 with commit e13e02a3c68d899169c78d9a18689bd73491d59a and fixed in 6.1 with commit 2a3fc78210b9f0e85372a2435368962009f480fc
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50356
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
net/sched/sch_sfb.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/ded86c4191a3c17f8200d17a7d8a6f63b74554ae
https://git.kernel.org/stable/c/c2e1e59d59fafe297779ceae1fe0e6fbebc3e745
https://git.kernel.org/stable/c/723399af2795fb95687a531c9480464b5f489333
https://git.kernel.org/stable/c/2a3fc78210b9f0e85372a2435368962009f480fc