Bug 2067482 (CVE-2022-2964)

Summary: CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: acaringi, adscvr, airlied, alciregi, bdettelb, bhu, bskeggs, chwhite, crwood, ctoe, dbohanno, dvlasenk, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jfaracco, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, kyoshida, lgoncalv, linville, lzampier, masami256, mcascell, mchehab, mpoole, nmurray, ptalbert, qzhao, rhandlin, rvrbovsk, sbalasub, scweaver, sdarade, steved, vkumar, walters, williams, wmealing, ycote
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: kernel 5.17
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2023-05-16 18:49:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2076785, 2076784, 2120503, 2120504, 2120505, 2120506, 2120507, 2120508, 2120509, 2120510, 2120511, 2120513, 2120514, 2120515, 2120516, 2120517, 2120518, 2120519, 2120520, 2130094, 2130095, 2130096, 2130097, 2130098, 2130099, 2130100, 2130101, 2142722, 2142723, 2142724, 2142725, 2142784, 2142785, 2143045, 2143046
Bug Blocks: 2067483, 2120685

Description Pedro Sampaio 2022-03-23 21:10:31 UTC
The Linux kernel's driver for the "ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices" contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function.

References:

https://www.spinics.net/lists/stable/msg536418.html

Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581

Comment 1 Sage McTaggart 2022-04-19 20:12:08 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2076784]

Comment 3 Justin M. Forbes 2022-04-20 14:07:47 UTC
This was fixed for Fedora with the 5.16.10 stable kernel updates.

Comment 17 Wade Mealing 2022-09-27 05:00:57 UTC
I'm going to ask IR to make the relevant trackers as my tooling is currently misbehaving.

Comment 33 errata-xmlrpc 2023-01-12 09:19:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0101 https://access.redhat.com/errata/RHSA-2023:0101

Comment 34 errata-xmlrpc 2023-01-12 09:22:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0114 https://access.redhat.com/errata/RHSA-2023:0114

Comment 35 errata-xmlrpc 2023-01-12 09:26:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0123 https://access.redhat.com/errata/RHSA-2023:0123

Comment 36 errata-xmlrpc 2023-01-23 15:16:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0300 https://access.redhat.com/errata/RHSA-2023:0300

Comment 37 errata-xmlrpc 2023-01-23 15:21:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0334 https://access.redhat.com/errata/RHSA-2023:0334

Comment 38 errata-xmlrpc 2023-01-23 15:23:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0348 https://access.redhat.com/errata/RHSA-2023:0348

Comment 39 errata-xmlrpc 2023-01-24 08:44:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0392 https://access.redhat.com/errata/RHSA-2023:0392

Comment 40 errata-xmlrpc 2023-01-24 08:44:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0395 https://access.redhat.com/errata/RHSA-2023:0395

Comment 41 errata-xmlrpc 2023-01-24 08:45:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2023:0396 https://access.redhat.com/errata/RHSA-2023:0396

Comment 42 errata-xmlrpc 2023-01-24 10:09:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0399 https://access.redhat.com/errata/RHSA-2023:0399

Comment 43 errata-xmlrpc 2023-01-24 10:09:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0400 https://access.redhat.com/errata/RHSA-2023:0400

Comment 44 errata-xmlrpc 2023-01-24 10:10:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0404 https://access.redhat.com/errata/RHSA-2023:0404

Comment 45 errata-xmlrpc 2023-01-30 14:31:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0499 https://access.redhat.com/errata/RHSA-2023:0499

Comment 46 errata-xmlrpc 2023-01-30 14:37:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0496 https://access.redhat.com/errata/RHSA-2023:0496

Comment 47 errata-xmlrpc 2023-01-30 14:41:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0526 https://access.redhat.com/errata/RHSA-2023:0526

Comment 48 errata-xmlrpc 2023-01-30 14:42:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0512 https://access.redhat.com/errata/RHSA-2023:0512

Comment 49 errata-xmlrpc 2023-01-30 15:08:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0536 https://access.redhat.com/errata/RHSA-2023:0536

Comment 50 errata-xmlrpc 2023-01-30 15:27:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0531 https://access.redhat.com/errata/RHSA-2023:0531

Comment 51 errata-xmlrpc 2023-02-21 10:02:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0856 https://access.redhat.com/errata/RHSA-2023:0856

Comment 52 errata-xmlrpc 2023-02-21 10:03:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0858 https://access.redhat.com/errata/RHSA-2023:0858

Comment 53 errata-xmlrpc 2023-03-07 13:53:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1130 https://access.redhat.com/errata/RHSA-2023:1130

Comment 54 errata-xmlrpc 2023-03-13 14:15:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1192 https://access.redhat.com/errata/RHSA-2023:1192

Comment 61 Product Security DevOps Team 2023-05-16 18:49:00 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2964