| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100701-CVE-2022-50511-5d8d@gregkh> Date: Tue, 7 Oct 2025 17:18:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50511: lib/fonts: fix undefined behavior in bit shift for get_default_font From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for get_default_font Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in lib/fonts/fonts.c:139:20 left shift of 1 by 31 places cannot be represented in type 'int' <TASK> dump_stack_lvl+0x7d/0xa5 dump_stack+0x15/0x1b ubsan_epilogue+0xe/0x4e __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c get_default_font+0x1c7/0x1f0 fbcon_startup+0x347/0x3a0 do_take_over_console+0xce/0x270 do_fbcon_takeover+0xa1/0x170 do_fb_registered+0x2a8/0x340 fbcon_fb_registered+0x47/0xe0 register_framebuffer+0x294/0x4a0 __drm_fb_helper_initial_config_and_unlock+0x43c/0x880 [drm_kms_helper] drm_fb_helper_initial_config+0x52/0x80 [drm_kms_helper] drm_fbdev_client_hotplug+0x156/0x1b0 [drm_kms_helper] drm_fbdev_generic_setup+0xfc/0x290 [drm_kms_helper] bochs_pci_probe+0x6ca/0x772 [bochs] local_pci_probe+0x4d/0xb0 pci_device_probe+0x119/0x320 really_probe+0x181/0x550 __driver_probe_device+0xc6/0x220 driver_probe_device+0x32/0x100 __driver_attach+0x195/0x200 bus_for_each_dev+0xbb/0x120 driver_attach+0x27/0x30 bus_add_driver+0x22e/0x2f0 driver_register+0xa9/0x190 __pci_register_driver+0x90/0xa0 bochs_pci_driver_init+0x52/0x1000 [bochs] do_one_initcall+0x76/0x430 do_init_module+0x61/0x28a load_module+0x1f82/0x2e50 __do_sys_finit_module+0xf8/0x190 __x64_sys_finit_module+0x23/0x30 do_syscall_64+0x58/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> The Linux kernel CVE team has assigned CVE-2022-50511 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.23 with commit c81f717cb9e0bd91dc4b98753cb2705ab0fe2801 and fixed in 5.4.229 with commit e039929e36818507e90901edae87f6fa8bc81093 Issue introduced in 2.6.23 with commit c81f717cb9e0bd91dc4b98753cb2705ab0fe2801 and fixed in 5.10.163 with commit c9a9aa02f0fa3318e0ae5774f404419a1b4759ca Issue introduced in 2.6.23 with commit c81f717cb9e0bd91dc4b98753cb2705ab0fe2801 and fixed in 5.15.86 with commit e83b47580a0738361772d6f24286adfdaba57e36 Issue introduced in 2.6.23 with commit c81f717cb9e0bd91dc4b98753cb2705ab0fe2801 and fixed in 6.0.16 with commit 9c14a85e18a58c102ec223144b7edb5b345c1bea Issue introduced in 2.6.23 with commit c81f717cb9e0bd91dc4b98753cb2705ab0fe2801 and fixed in 6.1.2 with commit 890d91b31f4874361e0df047f57d268a7021cb12 Issue introduced in 2.6.23 with commit c81f717cb9e0bd91dc4b98753cb2705ab0fe2801 and fixed in 6.2 with commit 6fe888c4d2fb174408e4540bb2d5602b9f507f90 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50511 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: lib/fonts/fonts.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e039929e36818507e90901edae87f6fa8bc81093 https://git.kernel.org/stable/c/c9a9aa02f0fa3318e0ae5774f404419a1b4759ca https://git.kernel.org/stable/c/e83b47580a0738361772d6f24286adfdaba57e36 https://git.kernel.org/stable/c/9c14a85e18a58c102ec223144b7edb5b345c1bea https://git.kernel.org/stable/c/890d91b31f4874361e0df047f57d268a7021cb12 https://git.kernel.org/stable/c/6fe888c4d2fb174408e4540bb2d5602b9f507f90
Powered by blists - more mailing lists