| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123024-CVE-2022-50879-47a7@gregkh> Date: Tue, 30 Dec 2025 13:23:28 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50879: objtool: Fix SEGFAULT From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT find_insn() will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference. The Linux kernel CVE team has assigned CVE-2022-50879 to this issue. Affected and fixed versions =========================== Fixed in 5.4.229 with commit 418ef921cce2d7415fab7e3e93529227f239e4bb Fixed in 5.10.163 with commit 0af0e115ff59d638f45416a004cdd8edb38db40c Fixed in 5.15.87 with commit 23a249b1185cdd5bfb6971d1608ba49e589f2288 Fixed in 6.0.17 with commit 38b9415abbd703438ebbc6fb74990bd0fbddc5b9 Fixed in 6.1.3 with commit fcee8a2d4db404a93e690d79e7273b6ef9d33575 Fixed in 6.2 with commit efb11fdb3e1a9f694fa12b70b21e69e55ec59c36 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50879 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: tools/objtool/check.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/418ef921cce2d7415fab7e3e93529227f239e4bb https://git.kernel.org/stable/c/0af0e115ff59d638f45416a004cdd8edb38db40c https://git.kernel.org/stable/c/23a249b1185cdd5bfb6971d1608ba49e589f2288 https://git.kernel.org/stable/c/38b9415abbd703438ebbc6fb74990bd0fbddc5b9 https://git.kernel.org/stable/c/fcee8a2d4db404a93e690d79e7273b6ef9d33575 https://git.kernel.org/stable/c/efb11fdb3e1a9f694fa12b70b21e69e55ec59c36
Powered by blists - more mailing lists