| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122453-CVE-2022-50756-ce43@gregkh> Date: Wed, 24 Dec 2025 14:06:07 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50756: nvme-pci: fix mempool alloc size From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was previously rounding this to 1 list, but we can require 2 in the worst case. In that scenario, the driver would corrupt memory beyond the size provided by the mempool. While unlikely to occur (you'd need a 4MB in exactly 127 phys segments on a queue that doesn't support SGLs), this memory corruption has been observed by kfence. The Linux kernel CVE team has assigned CVE-2022-50756 to this issue. Affected and fixed versions =========================== Issue introduced in 4.18 with commit 943e942e6266f22babee5efeb00f8f672fbff5bd and fixed in 5.10.163 with commit dfb6d54893d544151e7f480bc44cfe7823f5ad23 Issue introduced in 4.18 with commit 943e942e6266f22babee5efeb00f8f672fbff5bd and fixed in 5.15.87 with commit 9141144b37f30e3e7fa024bcfa0a13011e546ba9 Issue introduced in 4.18 with commit 943e942e6266f22babee5efeb00f8f672fbff5bd and fixed in 6.0.17 with commit e1777b4286e526c58b4ee699344b0ad85aaf83a0 Issue introduced in 4.18 with commit 943e942e6266f22babee5efeb00f8f672fbff5bd and fixed in 6.1.3 with commit b1814724e0d7162bdf4799f2d565381bc2251c63 Issue introduced in 4.18 with commit 943e942e6266f22babee5efeb00f8f672fbff5bd and fixed in 6.2 with commit c89a529e823d51dd23c7ec0c047c7a454a428541 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50756 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/nvme/host/pci.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/dfb6d54893d544151e7f480bc44cfe7823f5ad23 https://git.kernel.org/stable/c/9141144b37f30e3e7fa024bcfa0a13011e546ba9 https://git.kernel.org/stable/c/e1777b4286e526c58b4ee699344b0ad85aaf83a0 https://git.kernel.org/stable/c/b1814724e0d7162bdf4799f2d565381bc2251c63 https://git.kernel.org/stable/c/c89a529e823d51dd23c7ec0c047c7a454a428541
Powered by blists - more mailing lists