| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100437-CVE-2022-50473-a1fc@gregkh> Date: Sat, 4 Oct 2025 17:16:32 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50473: cpufreq: Init completion before kobject_init_and_add() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobject_init_and_add() In cpufreq_policy_alloc(), it will call uninitialed completion in cpufreq_sysfs_release() when kobject_init_and_add() fails. And that will cause a crash such as the following page fault in complete: BUG: unable to handle page fault for address: fffffffffffffff8 [..] RIP: 0010:complete+0x98/0x1f0 [..] Call Trace: kobject_put+0x1be/0x4c0 cpufreq_online.cold+0xee/0x1fd cpufreq_add_dev+0x183/0x1e0 subsys_interface_register+0x3f5/0x4e0 cpufreq_register_driver+0x3b7/0x670 acpi_cpufreq_init+0x56c/0x1000 [acpi_cpufreq] do_one_initcall+0x13d/0x780 do_init_module+0x1c3/0x630 load_module+0x6e67/0x73b0 __do_sys_finit_module+0x181/0x240 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The Linux kernel CVE team has assigned CVE-2022-50473 to this issue. Affected and fixed versions =========================== Issue introduced in 5.2 with commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee and fixed in 5.4.229 with commit 3cdd91a9163248935720927531066b74f57aa43b Issue introduced in 5.2 with commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee and fixed in 5.10.163 with commit e379b88a8f8cffc99b318e028705ed9e3da0e1e0 Issue introduced in 5.2 with commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee and fixed in 5.15.87 with commit 8fb4c98f20dfca1237de2e3dfdbe78d156784fd3 Issue introduced in 5.2 with commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee and fixed in 6.0.18 with commit d88540acfc7a17079021d866de914112c396edb1 Issue introduced in 5.2 with commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee and fixed in 6.1.4 with commit e7c0c943ed675b66d4bbb16c51c6a3bb58da047e Issue introduced in 5.2 with commit 4ebe36c94aed95de71a8ce6a6762226d31c938ee and fixed in 6.2 with commit 5c51054896bcce1d33d39fead2af73fec24f40b6 Issue introduced in 5.1.6 with commit e977b1477a6725868302957e6b5c330220391797 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50473 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/cpufreq/cpufreq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3cdd91a9163248935720927531066b74f57aa43b https://git.kernel.org/stable/c/e379b88a8f8cffc99b318e028705ed9e3da0e1e0 https://git.kernel.org/stable/c/8fb4c98f20dfca1237de2e3dfdbe78d156784fd3 https://git.kernel.org/stable/c/d88540acfc7a17079021d866de914112c396edb1 https://git.kernel.org/stable/c/e7c0c943ed675b66d4bbb16c51c6a3bb58da047e https://git.kernel.org/stable/c/5c51054896bcce1d33d39fead2af73fec24f40b6
Powered by blists - more mailing lists