2153052 – (CVE-2022-3108) CVE-2022-3108 Kernel: kmemdup's return value not checked

Bug 2153052 (CVE-2022-3108) - CVE-2022-3108 Kernel: kmemdup's return value not checked

Summary: CVE-2022-3108 Kernel: kmemdup's return value not checked

Keywords:
Status:	NEW
Alias:	CVE-2022-3108
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	Embargoed2153051
TreeView+	depends on / blocked

Reported:	2022-12-13 21:48 UTC by Sage McTaggart
Modified:	2023-04-01 08:44 UTC (History)
CC List:	20 users (show)
Fixed In Version:	Linux 5.17-rc6
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:

Attachments	(Terms of Use)

Description Sage McTaggart 2022-12-13 21:48:49 UTC

[Suggested description]
An issue was discovered in the Linux kernel through 5.16-rc6.
kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks
check of the return value of kmemdup().

------------------------------------------

[VulnerabilityType Other]
NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
the development group

------------------------------------------

[Affected Product Code Base]
Linux kernel - 5.16-rc6

------------------------------------------

[Reference]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=abfaf0eee97925905e742aa3b0b72e04a918fa9e

------------------------------------------

[Discoverer]
Jiasheng Jiang

Note You need to log in before you can comment on or make changes to this bug.

acaringi
bhu
ddepaula
dvlasenk
hkrzesin
jarod
jfaracco
jferlan
jforbes
joe.lawrence
jshortt
jstancek
kcarcia
kernel-mgr
lzampier
nmurray
ptalbert
rvrbovsk
scweaver
walters