Message-ID: <2025123019-CVE-2022-50840-678c@gregkh>
Date: Tue, 30 Dec 2025 13:13:26 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50840: scsi: snic: Fix possible UAF in snic_tgt_create()

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

scsi: snic: Fix possible UAF in snic_tgt_create()

Smatch reports a warning as follows:

drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn:
  '&tgt->list' not removed from list

If device_add() fails in snic_tgt_create(), tgt will be freed, but
tgt->list will not be removed from snic->disc.tgt_list, then list traversal
may cause UAF.

Remove from snic->disc.tgt_list before free().

The Linux kernel CVE team has assigned CVE-2022-50840 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 4.9.337 with commit f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 4.14.303 with commit 3772319e40527e6a5f2ec1d729e01f271d818f5c
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 4.19.270 with commit 3007f96ca20c848d0b1b052df6d2cb5ae5586e78
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 5.4.229 with commit 6866154c23fba40888ad6d554cccd4bf2edb755e
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 5.10.163 with commit ad27f74e901fc48729733c88818e6b96c813057d
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 5.15.86 with commit 1895e908b3ae66a5312fd1b2cdda2da82993dca7
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 6.0.16 with commit c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 6.1.2 with commit 4141cd9e8b3379aea52a85d2c35f6eaf26d14e86
	Issue introduced in 4.2 with commit c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa and fixed in 6.2 with commit e118df492320176af94deec000ae034cc92be754

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50840
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/scsi/snic/snic_disc.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff
	https://git.kernel.org/stable/c/3772319e40527e6a5f2ec1d729e01f271d818f5c
	https://git.kernel.org/stable/c/3007f96ca20c848d0b1b052df6d2cb5ae5586e78
	https://git.kernel.org/stable/c/6866154c23fba40888ad6d554cccd4bf2edb755e
	https://git.kernel.org/stable/c/ad27f74e901fc48729733c88818e6b96c813057d
	https://git.kernel.org/stable/c/1895e908b3ae66a5312fd1b2cdda2da82993dca7
	https://git.kernel.org/stable/c/c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc
	https://git.kernel.org/stable/c/4141cd9e8b3379aea52a85d2c35f6eaf26d14e86
	https://git.kernel.org/stable/c/e118df492320176af94deec000ae034cc92be754
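
The error path described under "Description", as an added userspace model (not the snic driver's code and not part of the original advisory): an object is linked onto a shared list, a later step fails, and the object is freed with or without being unlinked first. The list helpers, struct tgt, the static pool and fake_device_add() are assumptions made for this example; "free" only sets a flag so that stale entries can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>
/* Minimal userspace stand-in for the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev; n->next = n->prev = n;
}
/* Hypothetical target object. Objects come from a static pool and "free"
 * only sets a flag, so stale entries can be detected without a real UAF. */
struct tgt { struct list_head list; int id; bool freed; };
static struct tgt pool[8];
static int pool_used;
/* Constructed failure model: registration fails for odd ids. */
static int fake_device_add(const struct tgt *t) { return (t->id & 1) ? -1 : 0; }
/* unlink_on_error=false models the pre-fix error path, true the fixed one. */
static struct tgt *tgt_create(struct list_head *tgt_list, int id, bool unlink_on_error) {
    struct tgt *t = &pool[pool_used++];
    t->id = id; t->freed = false;
    list_add_tail(&t->list, tgt_list);      /* published on the shared list */
    if (fake_device_add(t) != 0) {
        if (unlink_on_error)
            list_del(&t->list);             /* unlink before freeing */
        t->freed = true;                    /* stands in for the free */
        return NULL;
    }
    return t;
}

/* Count list entries that still point at freed objects (latent UAFs). */
static int count_stale(const struct list_head *tgt_list) {
    int stale = 0;
    for (const struct list_head *p = tgt_list->next; p != tgt_list; p = p->next)
        if (((const struct tgt *)p)->freed) stale++;
    return stale;
}

/* Create targets 0..3 on a fresh list; return how many stale entries remain. */
static int run_scenario(bool unlink_on_error) {
    struct list_head tgt_list; list_init(&tgt_list); pool_used = 0;
    for (int id = 0; id < 4; id++) tgt_create(&tgt_list, id, unlink_on_error);
    return count_stale(&tgt_list);
}

int main(void) {
    printf("pre-fix: %d stale, fixed: %d stale\n", run_scenario(false), run_scenario(true));
    return 0;
}
```

In the kernel the freed memory can be reused by another allocation, so a later traversal of the list would read or write unrelated data rather than a flagged pool slot.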
