| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091852-CVE-2022-50384-b652@gregkh> Date: Thu, 18 Sep 2025 15:33:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50384: staging: vme_user: Fix possible UAF in tsi148_dma_list_add From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows: drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn: '&entry->list' not removed from list In tsi148_dma_list_add(), the error path "goto err_dma" will not remove entry->list from list->entries, but entry will be freed, then list traversal may cause UAF. Fix by removeing it from list->entries before free(). The Linux kernel CVE team has assigned CVE-2022-50384 to this issue. Affected and fixed versions =========================== Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 4.9.337 with commit 5cc4eea715a3fcf4e516662f736dfee63979465f Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 4.14.303 with commit 51c0ad3b7c5b01f9314758335a13f157b05fa56d Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 4.19.270 with commit e6b0adff99edf246ba1f8d464530a0438cb1cbda Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 5.4.229 with commit a45ba33d398a821147d7e5f16ead7eb125e331e2 Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 5.10.163 with commit 5d2b286eb034af114f67d9967fc3fbc1829bb712 Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 5.15.86 with commit 1f5661388f43df3ac106ce93e67d8d22b16a78ff Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 6.0.16 with commit cf138759a7e92c75cfc1b7ba705e4108fe330edf Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 6.1.2 with commit 85db68fc901da52314ded80aace99f8b684c7815 Issue introduced in 4.2 with commit b2383c90a9d691201b9aee557776694cde86a935 and fixed in 6.2 with commit 357057ee55d3c99a5de5abe8150f7bca04f8e53b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50384 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/staging/vme_user/vme_tsi148.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5cc4eea715a3fcf4e516662f736dfee63979465f https://git.kernel.org/stable/c/51c0ad3b7c5b01f9314758335a13f157b05fa56d https://git.kernel.org/stable/c/e6b0adff99edf246ba1f8d464530a0438cb1cbda https://git.kernel.org/stable/c/a45ba33d398a821147d7e5f16ead7eb125e331e2 https://git.kernel.org/stable/c/5d2b286eb034af114f67d9967fc3fbc1829bb712 https://git.kernel.org/stable/c/1f5661388f43df3ac106ce93e67d8d22b16a78ff https://git.kernel.org/stable/c/cf138759a7e92c75cfc1b7ba705e4108fe330edf https://git.kernel.org/stable/c/85db68fc901da52314ded80aace99f8b684c7815 https://git.kernel.org/stable/c/357057ee55d3c99a5de5abe8150f7bca04f8e53b
Powered by blists - more mailing lists