| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100421-CVE-2022-50503-6c75@gregkh> Date: Sat, 4 Oct 2025 17:51:28 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50503: mtd: lpddr2_nvm: Fix possible null-ptr-deref From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2_nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(add_range) invoked, if platform_get_resource() returns NULL. The Linux kernel CVE team has assigned CVE-2022-50503 to this issue. Affected and fixed versions =========================== Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 4.9.337 with commit 4d10bd7416e8383340b5524b8d616b8ad01ef1e1 Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 4.14.303 with commit bb9ccb6121ec4140d366147aa866ceb5a21a8d3d Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 4.19.270 with commit e6aafb57d90ff2c1e18554f3a3c36247a59825ce Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 5.4.229 with commit 8eb64dc5a790a529ef49ec94b3337af09dac15d3 Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 5.10.163 with commit 0919982a1744346269320615615c7deb14106661 Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 5.15.86 with commit e0d3e46ac6669cdf1b99bc7b7d92f1221b9a1ff2 Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 6.0.16 with commit f82f63b3911f1b2da68a14d9c4babf3b55feca55 Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 6.1.2 with commit c4cc41e94d8357f5f02b8ef40257bb23931d8438 Issue introduced in 3.16 with commit 96ba9dd65788a0bd2a7d1e57ec78b7642f0ccc25 and fixed in 6.2 with commit 6bdd45d795adf9e73b38ced5e7f750cd199499ff Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50503 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mtd/lpddr/lpddr2_nvm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/4d10bd7416e8383340b5524b8d616b8ad01ef1e1 https://git.kernel.org/stable/c/bb9ccb6121ec4140d366147aa866ceb5a21a8d3d https://git.kernel.org/stable/c/e6aafb57d90ff2c1e18554f3a3c36247a59825ce https://git.kernel.org/stable/c/8eb64dc5a790a529ef49ec94b3337af09dac15d3 https://git.kernel.org/stable/c/0919982a1744346269320615615c7deb14106661 https://git.kernel.org/stable/c/e0d3e46ac6669cdf1b99bc7b7d92f1221b9a1ff2 https://git.kernel.org/stable/c/f82f63b3911f1b2da68a14d9c4babf3b55feca55 https://git.kernel.org/stable/c/c4cc41e94d8357f5f02b8ef40257bb23931d8438 https://git.kernel.org/stable/c/6bdd45d795adf9e73b38ced5e7f750cd199499ff
Powered by blists - more mailing lists