Bug 2067482 (CVE-2022-2964) - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2964
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2076785 2076784 2120503 2120504 2120505 2120506 2120507 2120508 2120509 2120510 2120511 2120513 2120514 2120515 2120516 2120517 2120518 2120519 2120520 2130094 2130095 2130096 2130097 2130098 2130099 2130100 2130101 2142722 2142723 2142724 2142725 2142784 2142785 2143045 2143046
Blocks: 2067483 2120685
Reported: 2022-03-23 21:10 UTC by Pedro Sampaio
Modified: 2023-05-16 18:49 UTC

Fixed In Version: kernel 5.17
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
Clone Of:
Environment:
Last Closed: 2023-05-16 18:49:04 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:0131 0 None None None 2023-01-12 12:54:57 UTC
Red Hat Product Errata RHBA-2023:0157 0 None None None 2023-01-12 14:26:15 UTC
Red Hat Product Errata RHBA-2023:0176 0 None None None 2023-01-16 11:53:36 UTC
Red Hat Product Errata RHBA-2023:0177 0 None None None 2023-01-16 11:55:56 UTC
Red Hat Product Errata RHBA-2023:0178 0 None None None 2023-01-16 12:14:10 UTC
Red Hat Product Errata RHBA-2023:0188 0 None None None 2023-01-17 11:06:46 UTC
Red Hat Product Errata RHBA-2023:0267 0 None None None 2023-01-19 09:54:02 UTC
Red Hat Product Errata RHBA-2023:0529 0 None None None 2023-01-30 15:24:33 UTC
Red Hat Product Errata RHSA-2023:0101 0 None None None 2023-01-12 09:19:21 UTC
Red Hat Product Errata RHSA-2023:0114 0 None None None 2023-01-12 09:22:55 UTC
Red Hat Product Errata RHSA-2023:0123 0 None None None 2023-01-12 09:26:12 UTC
Red Hat Product Errata RHSA-2023:0300 0 None None None 2023-01-23 15:17:00 UTC
Red Hat Product Errata RHSA-2023:0334 0 None None None 2023-01-23 15:21:22 UTC
Red Hat Product Errata RHSA-2023:0348 0 None None None 2023-01-23 15:23:10 UTC
Red Hat Product Errata RHSA-2023:0392 0 None None None 2023-01-24 08:44:24 UTC
Red Hat Product Errata RHSA-2023:0395 0 None None None 2023-01-24 08:45:01 UTC
Red Hat Product Errata RHSA-2023:0396 0 None None None 2023-01-24 08:45:10 UTC
Red Hat Product Errata RHSA-2023:0399 0 None None None 2023-01-24 10:09:32 UTC
Red Hat Product Errata RHSA-2023:0400 0 None None None 2023-01-24 10:09:52 UTC
Red Hat Product Errata RHSA-2023:0404 0 None None None 2023-01-24 10:10:33 UTC
Red Hat Product Errata RHSA-2023:0496 0 None None None 2023-01-30 14:37:18 UTC
Red Hat Product Errata RHSA-2023:0499 0 None None None 2023-01-30 14:31:43 UTC
Red Hat Product Errata RHSA-2023:0512 0 None None None 2023-01-30 14:42:50 UTC
Red Hat Product Errata RHSA-2023:0526 0 None None None 2023-01-30 14:41:21 UTC
Red Hat Product Errata RHSA-2023:0531 0 None None None 2023-01-30 15:27:57 UTC
Red Hat Product Errata RHSA-2023:0536 0 None None None 2023-01-30 15:08:28 UTC
Red Hat Product Errata RHSA-2023:0856 0 None None None 2023-02-21 10:03:02 UTC
Red Hat Product Errata RHSA-2023:0858 0 None None None 2023-02-21 10:03:32 UTC
Red Hat Product Errata RHSA-2023:1130 0 None None None 2023-03-07 13:54:01 UTC
Red Hat Product Errata RHSA-2023:1192 0 None None None 2023-03-13 14:16:03 UTC

Description Pedro Sampaio 2022-03-23 21:10:31 UTC
The Linux kernel's driver for the "ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices" contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function.


References:

https://www.spinics.net/lists/stable/msg536418.html

Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581

Comment 1 Sage McTaggart 2022-04-19 20:12:08 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2076784]

Comment 3 Justin M. Forbes 2022-04-20 14:07:47 UTC
This was fixed for Fedora with the 5.16.10 stable kernel updates.

Comment 17 Wade Mealing 2022-09-27 05:00:57 UTC
I'm going to ask IR to make the relevant trackers as my tooling is currently misbehaving.

Comment 33 errata-xmlrpc 2023-01-12 09:19:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0101 https://access.redhat.com/errata/RHSA-2023:0101

Comment 34 errata-xmlrpc 2023-01-12 09:22:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0114 https://access.redhat.com/errata/RHSA-2023:0114

Comment 35 errata-xmlrpc 2023-01-12 09:26:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0123 https://access.redhat.com/errata/RHSA-2023:0123

Comment 36 errata-xmlrpc 2023-01-23 15:16:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0300 https://access.redhat.com/errata/RHSA-2023:0300

Comment 37 errata-xmlrpc 2023-01-23 15:21:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0334 https://access.redhat.com/errata/RHSA-2023:0334

Comment 38 errata-xmlrpc 2023-01-23 15:23:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0348 https://access.redhat.com/errata/RHSA-2023:0348

Comment 39 errata-xmlrpc 2023-01-24 08:44:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0392 https://access.redhat.com/errata/RHSA-2023:0392

Comment 40 errata-xmlrpc 2023-01-24 08:44:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0395 https://access.redhat.com/errata/RHSA-2023:0395

Comment 41 errata-xmlrpc 2023-01-24 08:45:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2023:0396 https://access.redhat.com/errata/RHSA-2023:0396

Comment 42 errata-xmlrpc 2023-01-24 10:09:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0399 https://access.redhat.com/errata/RHSA-2023:0399

Comment 43 errata-xmlrpc 2023-01-24 10:09:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0400 https://access.redhat.com/errata/RHSA-2023:0400

Comment 44 errata-xmlrpc 2023-01-24 10:10:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0404 https://access.redhat.com/errata/RHSA-2023:0404

Comment 45 errata-xmlrpc 2023-01-30 14:31:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0499 https://access.redhat.com/errata/RHSA-2023:0499

Comment 46 errata-xmlrpc 2023-01-30 14:37:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0496 https://access.redhat.com/errata/RHSA-2023:0496

Comment 47 errata-xmlrpc 2023-01-30 14:41:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0526 https://access.redhat.com/errata/RHSA-2023:0526

Comment 48 errata-xmlrpc 2023-01-30 14:42:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0512 https://access.redhat.com/errata/RHSA-2023:0512

Comment 49 errata-xmlrpc 2023-01-30 15:08:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0536 https://access.redhat.com/errata/RHSA-2023:0536

Comment 50 errata-xmlrpc 2023-01-30 15:27:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0531 https://access.redhat.com/errata/RHSA-2023:0531

Comment 51 errata-xmlrpc 2023-02-21 10:02:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0856 https://access.redhat.com/errata/RHSA-2023:0856

Comment 52 errata-xmlrpc 2023-02-21 10:03:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0858 https://access.redhat.com/errata/RHSA-2023:0858

Comment 53 errata-xmlrpc 2023-03-07 13:53:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1130 https://access.redhat.com/errata/RHSA-2023:1130

Comment 54 errata-xmlrpc 2023-03-13 14:15:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1192 https://access.redhat.com/errata/RHSA-2023:1192

Comment 61 Product Security DevOps Team 2023-05-16 18:49:00 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2964

