2258012 – (CVE-2022-48619) CVE-2022-48619 kernel: event code falling outside of a bitmap in input_set_capability() leads to panic

Bug 2258012 (CVE-2022-48619) - CVE-2022-48619 kernel: event code falling outside of a bitmap in input_set_capability() leads to panic

Summary: CVE-2022-48619 kernel: event code falling outside of a bitmap in input_set_ca...

Keywords:
Status:	NEW
Alias:	CVE-2022-48619
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2263748
Blocks:	2258025
TreeView+	depends on / blocked

Reported:	2024-01-12 06:14 UTC by TEJ RATHI
Modified:	2024-10-17 06:44 UTC (History)
CC List:	46 users (show)
Fixed In Version:	kernel 5.18-rc1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2024:7043	None	None	None	2024-09-24 09:41:26 UTC
Red Hat Product Errata	RHBA-2024:7198	None	None	None	2024-09-26 09:49:06 UTC
Red Hat Product Errata	RHBA-2024:7236	None	None	None	2024-09-26 14:31:39 UTC
Red Hat Product Errata	RHBA-2024:7637	None	None	None	2024-10-03 14:44:12 UTC
Red Hat Product Errata	RHBA-2024:8227	None	None	None	2024-10-17 06:44:09 UTC
Red Hat Product Errata	RHSA-2024:7000	None	None	None	2024-09-24 02:29:00 UTC
Red Hat Product Errata	RHSA-2024:7001	None	None	None	2024-09-24 00:36:13 UTC

Description TEJ RATHI 2024-01-12 06:14:36 UTC

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10
https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc

Comment 2 Alex 2024-02-11 16:03:38 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2263748]

Comment 4 Justin M. Forbes 2024-02-15 19:26:58 UTC

This was fixed for Fedora with the 5.17.10 stable kernel updates.

Comment 125 errata-xmlrpc 2024-09-24 00:36:09 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001

Comment 126 errata-xmlrpc 2024-09-24 02:28:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
bhu
chwhite
cye
cyin
dbohanno
debarbos
dfreiber
drow
dvlasenk
ezulian
hkrzesin
jarod
jburrell
jdenham
jfaracco
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
ldoskova
lgoncalv
lzampier
mmilgram
mstowell
nmurray
ptalbert
rogbas
rparrazo
rrobaina
rvrbovsk
rysulliv
scweaver
tglozar
tyberry
vkumar
wcosta
williams
wmealing
ycote
ykopkova
zhijwang