| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122451-CVE-2022-50749-dae0@gregkh>
Date: Wed, 24 Dec 2025 14:06:00 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50749: acct: fix potential integer overflow in encode_comp_t()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
acct: fix potential integer overflow in encode_comp_t()
The integer overflow is descripted with following codes:
> 317 static comp_t encode_comp_t(u64 value)
> 318 {
> 319 int exp, rnd;
......
> 341 exp <<= MANTSIZE;
> 342 exp += value;
> 343 return exp;
> 344 }
Currently comp_t is defined as type of '__u16', but the variable 'exp' is
type of 'int', so overflow would happen when variable 'exp' in line 343 is
greater than 65535.
The Linux kernel CVE team has assigned CVE-2022-50749 to this issue.
Affected and fixed versions
===========================
Fixed in 4.9.337 with commit e93f995a591c352d35d89c518c54f790e1537754
Fixed in 4.14.303 with commit cf60bbca1b83a7e0927e36dbf178328982927886
Fixed in 4.19.270 with commit 1750a0983c455a9b3badd848471fc8d58cb61f67
Fixed in 5.4.229 with commit a815a3e019456c94b03bd183e7ac22fd29e9e6fd
Fixed in 5.10.163 with commit 6edd0cdee5780fd5f43356b72b29a2a6d48ef6da
Fixed in 5.15.86 with commit ebe16676e1dcaa4556ec4d36ca40c82e99e88cfa
Fixed in 6.0.16 with commit 2224897d8187dc22a83e05d9361efcccf67bcf12
Fixed in 6.1.2 with commit 0aac6e60c464a5f942f995428e67f8ae1c422250
Fixed in 6.2 with commit c5f31c655bcc01b6da53b836ac951c1556245305
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50749
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/acct.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/e93f995a591c352d35d89c518c54f790e1537754
https://git.kernel.org/stable/c/cf60bbca1b83a7e0927e36dbf178328982927886
https://git.kernel.org/stable/c/1750a0983c455a9b3badd848471fc8d58cb61f67
https://git.kernel.org/stable/c/a815a3e019456c94b03bd183e7ac22fd29e9e6fd
https://git.kernel.org/stable/c/6edd0cdee5780fd5f43356b72b29a2a6d48ef6da
https://git.kernel.org/stable/c/ebe16676e1dcaa4556ec4d36ca40c82e99e88cfa
https://git.kernel.org/stable/c/2224897d8187dc22a83e05d9361efcccf67bcf12
https://git.kernel.org/stable/c/0aac6e60c464a5f942f995428e67f8ae1c422250
https://git.kernel.org/stable/c/c5f31c655bcc01b6da53b836ac951c1556245305
Powered by blists - more mailing lists