| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102207-CVE-2022-50567-17f3@gregkh> Date: Wed, 22 Oct 2025 15:24:15 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50567: fs: jfs: fix shift-out-of-bounds in dbAllocAG From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug is the missing check of bmp->db_agl2size. The field can be greater than 64 and trigger the shift-out-of-bounds. Fix this bug by adding a check of bmp->db_agl2size in dbMount since this field is used in many following functions. The upper bound for this field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp. Note that, for maintenance, I reorganized error handling code of dbMount. The Linux kernel CVE team has assigned CVE-2022-50567 to this issue. Affected and fixed versions =========================== Fixed in 4.9.337 with commit d3b486946a4e62c7ef6023f7d9c1d049051384ba Fixed in 4.14.303 with commit 3115313cf03113e87c87adee18ee49a20bbdb9ba Fixed in 4.19.270 with commit eea87acb6027be3dd4d3c57186bb22800d57fdda Fixed in 5.4.229 with commit 359616ce587e524107730504891afa4b1a8be58c Fixed in 5.10.163 with commit 3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd Fixed in 5.15.86 with commit 0536f76a2bca83d1a3740517ba22cc93a44b3099 Fixed in 6.0.16 with commit 2c575c8905f7a8b32d5611b91856b69bac2a5bf1 Fixed in 6.1.2 with commit 67973caae78e21ee46a7281aaa8ca364eb9c444f Fixed in 6.2 with commit 898f706695682b9954f280d95e49fa86ffa55d08 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50567 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/jfs/jfs_dmap.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d3b486946a4e62c7ef6023f7d9c1d049051384ba https://git.kernel.org/stable/c/3115313cf03113e87c87adee18ee49a20bbdb9ba https://git.kernel.org/stable/c/eea87acb6027be3dd4d3c57186bb22800d57fdda https://git.kernel.org/stable/c/359616ce587e524107730504891afa4b1a8be58c https://git.kernel.org/stable/c/3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd https://git.kernel.org/stable/c/0536f76a2bca83d1a3740517ba22cc93a44b3099 https://git.kernel.org/stable/c/2c575c8905f7a8b32d5611b91856b69bac2a5bf1 https://git.kernel.org/stable/c/67973caae78e21ee46a7281aaa8ca364eb9c444f https://git.kernel.org/stable/c/898f706695682b9954f280d95e49fa86ffa55d08
Powered by blists - more mailing lists