Bug 2182422 (CVE-2023-22997) - CVE-2023-22997 kernel: module: improper return value check in gzip/xz module decompress
Summary: CVE-2023-22997 kernel: module: improper return value check in gzip/xz module ...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-22997
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2174321
TreeView+ depends on / blocked
 
Reported: 2023-03-28 15:17 UTC by Mauro Matteo Cascella
Modified: 2023-03-28 15:31 UTC (History)
44 users (show)

Fixed In Version: kernel 6.2-rc1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-03-28 15:19:27 UTC
Embargoed:

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2023-03-28 15:17:39 UTC 
NVD description: In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Upstream commit:
https://github.com/torvalds/linux/commit/45af1d7aae7d5520d2858f8517a1342646f015db
Note You need to log in before you can comment on or make changes to this bug.