| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122456-CVE-2022-50763-923e@gregkh> Date: Wed, 24 Dec 2025 14:06:14 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50763: crypto: marvell/octeontx - prevent integer overflows From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/octeontx - prevent integer overflows The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "code_length * 2" can overflow. The round_up(ucode_size, 16) + sizeof() expression can overflow too. Prevent these overflows. The Linux kernel CVE team has assigned CVE-2022-50763 to this issue. Affected and fixed versions =========================== Issue introduced in 5.7 with commit d9110b0b01ff1cd02751cd5c2c94e938a8906083 and fixed in 5.10.150 with commit 7bfa7d67735381715c98091194e81e7685f9b7db Issue introduced in 5.7 with commit d9110b0b01ff1cd02751cd5c2c94e938a8906083 and fixed in 5.15.75 with commit 12acfa1059ad69aa352ddb2bf23ba1b831aff15f Issue introduced in 5.7 with commit d9110b0b01ff1cd02751cd5c2c94e938a8906083 and fixed in 5.19.17 with commit 8f5eee162e55175d9dac98b5e9b8da76449d2257 Issue introduced in 5.7 with commit d9110b0b01ff1cd02751cd5c2c94e938a8906083 and fixed in 6.0.3 with commit e7ff7a46baafd38d7ed45604397e650d61f5db8d Issue introduced in 5.7 with commit d9110b0b01ff1cd02751cd5c2c94e938a8906083 and fixed in 6.1 with commit caca37cf6c749ff0303f68418cfe7b757a4e0697 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50763 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7bfa7d67735381715c98091194e81e7685f9b7db https://git.kernel.org/stable/c/12acfa1059ad69aa352ddb2bf23ba1b831aff15f https://git.kernel.org/stable/c/8f5eee162e55175d9dac98b5e9b8da76449d2257 https://git.kernel.org/stable/c/e7ff7a46baafd38d7ed45604397e650d61f5db8d https://git.kernel.org/stable/c/caca37cf6c749ff0303f68418cfe7b757a4e0697
Powered by blists - more mailing lists