Bug 2135717 (CVE-2022-3577)
| Field | Value |
|---|---|
| Summary | CVE-2022-3577 kernel: HID: bigben: slab-out-of-bounds Write in bigben_probe |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Alex <allarkin> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | acaringi, adscvr, airlied, alciregi, bhu, brdeoliv, bskeggs, ddepaula, dhoward, dvlasenk, fhrbata, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jfaracco, jferlan, jforbes, jglisse, joe.lawrence, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lzampier, masami256, mchehab, nmurray, ptalbert, rvrbovsk, scweaver, steved, walters |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | Linux kernel 5.19-rc1 |
| Doc Type | If docs needed, set a value |
| Doc Text | An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. |
| Last Closed | 2022-11-30 09:28:01 UTC |
| Bug Depends On | 2135718 |
| Bug Blocks | 2127143 |

Description
Alex
2022-10-18 09:05:58 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2135718]

Apart from this vulnerability, two other memory leak vulnerabilities were reported together with this one. All 3 vulnerabilities are relevant only if some specific hardware is being used (hardware that is not supported by Red Hat Enterprise Linux, so all versions of Red Hat Linux are not affected by any of these 3). The other two are:

In drivers/android/binderfs.c of Linux kernel before 5.16.11, the failure of d_make_root does not initialize s_root, leading to a memory leak and refcount unbalance. To exploit the vulnerability, one must craft a syscall sequence to trigger an allocation failure in binderfs_fill_super.

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-next&id=9d64d2405f7d30d49818f6682acd0392348f0fdb

pvr2_hdw_create in drivers/media/usb/pvrusb2/pvrusb2-hdw.c in Linux kernel through 5.19 misses the error handling and forgets to unregister the v4l2 device, leading to refcount unbalance and a memory leak issue. To exploit the vulnerability, one must craft a syscall sequence to execute the error handling code.

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945a9a8e448b65bec055d37eba58f711b39f66f0

This was fixed for Fedora with the 5.17.14 stable kernel updates.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3577