2153067 – (CVE-2022-3105) CVE-2022-3105 Kernel: uapi_finalize's return value not checked leading to null pointer dereference

Bug 2153067 (CVE-2022-3105) - CVE-2022-3105 Kernel: uapi_finalize's return value not checked leading to null pointer dereference

Summary: CVE-2022-3105 Kernel: uapi_finalize's return value not checked leading to nul...

Keywords:
Status:	NEW
Alias:	CVE-2022-3105
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2153051
TreeView+	depends on / blocked

Reported:	2022-12-13 22:09 UTC by Sage McTaggart
Modified:	2023-02-14 15:15 UTC (History)
CC List:	22 users (show)
Fixed In Version:	Linux 5.17-rc6
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:

Attachments	(Terms of Use)

Description Sage McTaggart 2022-12-13 22:09:08 UTC

[Suggested description]
An issue was discovered in the Linux kernel through 5.16-rc6.
uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of
kmalloc_array().

------------------------------------------

[VulnerabilityType Other]
NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
the development group

------------------------------------------

[Affected Product Code Base]
Linux kernel - 5.16-rc6

------------------------------------------

[Reference]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=7694a7de22c53a312ea98960fcafc6ec62046531

------------------------------------------

[Discoverer]
Jiasheng Jiang

Note You need to log in before you can comment on or make changes to this bug.

acaringi
bhu
ddepaula
dhoward
dvlasenk
hkrzesin
jarod
jfaracco
jferlan
jforbes
joe.lawrence
jshortt
jstancek
kcarcia
kernel-mgr
lzampier
mcascell
nmurray
ptalbert
rvrbovsk
scweaver
walters