| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102208-CVE-2022-50575-1768@gregkh> Date: Wed, 22 Oct 2025 15:24:23 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50575: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack trace and messes up dmesg with a warning. Call trace: -> privcmd_ioctl --> privcmd_ioctl_mmap_resource Add __GFP_NOWARN in order to avoid too large allocation warning. This is detected by static analysis using smatch. The Linux kernel CVE team has assigned CVE-2022-50575 to this issue. Affected and fixed versions =========================== Issue introduced in 4.18 with commit 3ad0876554cafa368f574d4d408468510543e9ff and fixed in 4.19.270 with commit 5d68ae32d132ea2af73bc223fd64c46f85302a8b Issue introduced in 4.18 with commit 3ad0876554cafa368f574d4d408468510543e9ff and fixed in 5.4.229 with commit 4f983ee5e5de924d93a7bbb4e6f68f38c6256cd5 Issue introduced in 4.18 with commit 3ad0876554cafa368f574d4d408468510543e9ff and fixed in 5.10.163 with commit 46026bb057c35f5bb111bf95e00cd8366d2e34d4 Issue introduced in 4.18 with commit 3ad0876554cafa368f574d4d408468510543e9ff and fixed in 5.15.86 with commit 0bf874183b32eae2cc20e3c5be38ec3d33e7e564 Issue introduced in 4.18 with commit 3ad0876554cafa368f574d4d408468510543e9ff and fixed in 6.0.16 with commit e0c5f1058ed96f2b7487560c4c4cbd768d13d065 Issue introduced in 4.18 with commit 3ad0876554cafa368f574d4d408468510543e9ff and fixed in 6.1.2 with commit 4da411086f5ab32f811a89ef804980ec106ebb65 Issue introduced in 4.18 with commit 3ad0876554cafa368f574d4d408468510543e9ff and fixed in 6.2 with commit 8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50575 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/xen/privcmd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5d68ae32d132ea2af73bc223fd64c46f85302a8b https://git.kernel.org/stable/c/4f983ee5e5de924d93a7bbb4e6f68f38c6256cd5 https://git.kernel.org/stable/c/46026bb057c35f5bb111bf95e00cd8366d2e34d4 https://git.kernel.org/stable/c/0bf874183b32eae2cc20e3c5be38ec3d33e7e564 https://git.kernel.org/stable/c/e0c5f1058ed96f2b7487560c4c4cbd768d13d065 https://git.kernel.org/stable/c/4da411086f5ab32f811a89ef804980ec106ebb65 https://git.kernel.org/stable/c/8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79
Powered by blists - more mailing lists