cve/published/2022/CVE-2022-48837.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-48837: usb: gadget: rndis: prevent integer overflow in rndis_set_response()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 usb: gadget: rndis: prevent integer overflow in rndis_set_response()

 If "BufOffset" is very large the "BufOffset + 8" operation can have an
 integer overflow.

 The Linux kernel CVE team has assigned CVE-2022-48837 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.9.302 with commit ff0a90739925734c91c7e39befe3f4378e0c1369 and fixed in 4.9.308 with commit 8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
 	Issue introduced in 4.14.267 with commit 4c22fbcef778badb00fb8bb9f409daa29811c175 and fixed in 4.14.273 with commit c7953cf03a26876d676145ce5d2ae6d8c9630b90
 	Issue introduced in 4.19.230 with commit db9aaa3026298d652e98f777bc0f5756e2455dda and fixed in 4.19.236 with commit 138d4f739b35dfb40438a0d5d7054965763bfbe7
 	Issue introduced in 5.4.180 with commit c9e952871ae47af784b4aef0a77db02e557074d6 and fixed in 5.4.187 with commit 21829376268397f9fd2c35cfa9135937b6aa3a1e
 	Issue introduced in 5.10.101 with commit fb4ff0f96de37c44236598e8b53fe43b1df36bf3 and fixed in 5.10.108 with commit 28bc0267399f42f987916a7174e2e32f0833cc65
 	Issue introduced in 5.15.24 with commit 2da3b0ab54fb7f4d7c5a82757246d0ee33a47197 and fixed in 5.15.31 with commit 56b38e3ca4064041d93c1ca18828c8cedad2e16c
 	Issue introduced in 5.16.10 with commit 2724ebafda0a8df08a9cb91557d33226bee80f7b and fixed in 5.16.17 with commit df7e088d51cdf78b1a0bf1f3d405c2593295c7b0

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-48837
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/usb/gadget/function/rndis.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
 	https://git.kernel.org/stable/c/c7953cf03a26876d676145ce5d2ae6d8c9630b90
 	https://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7
 	https://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e
 	https://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65
 	https://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c
 	https://git.kernel.org/stable/c/df7e088d51cdf78b1a0bf1f3d405c2593295c7b0
 	https://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-48837: usb: gadget: rndis: prevent integer overflow in rndis_set_response()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	usb: gadget: rndis: prevent integer overflow in rndis_set_response()

	If "BufOffset" is very large the "BufOffset + 8" operation can have an
	integer overflow.

	The Linux kernel CVE team has assigned CVE-2022-48837 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.9.302 with commit ff0a90739925734c91c7e39befe3f4378e0c1369 and fixed in 4.9.308 with commit 8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
	Issue introduced in 4.14.267 with commit 4c22fbcef778badb00fb8bb9f409daa29811c175 and fixed in 4.14.273 with commit c7953cf03a26876d676145ce5d2ae6d8c9630b90
	Issue introduced in 4.19.230 with commit db9aaa3026298d652e98f777bc0f5756e2455dda and fixed in 4.19.236 with commit 138d4f739b35dfb40438a0d5d7054965763bfbe7
	Issue introduced in 5.4.180 with commit c9e952871ae47af784b4aef0a77db02e557074d6 and fixed in 5.4.187 with commit 21829376268397f9fd2c35cfa9135937b6aa3a1e
	Issue introduced in 5.10.101 with commit fb4ff0f96de37c44236598e8b53fe43b1df36bf3 and fixed in 5.10.108 with commit 28bc0267399f42f987916a7174e2e32f0833cc65
	Issue introduced in 5.15.24 with commit 2da3b0ab54fb7f4d7c5a82757246d0ee33a47197 and fixed in 5.15.31 with commit 56b38e3ca4064041d93c1ca18828c8cedad2e16c
	Issue introduced in 5.16.10 with commit 2724ebafda0a8df08a9cb91557d33226bee80f7b and fixed in 5.16.17 with commit df7e088d51cdf78b1a0bf1f3d405c2593295c7b0

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48837
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/usb/gadget/function/rndis.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
	https://git.kernel.org/stable/c/c7953cf03a26876d676145ce5d2ae6d8c9630b90
	https://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7
	https://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e
	https://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65
	https://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c
	https://git.kernel.org/stable/c/df7e088d51cdf78b1a0bf1f3d405c2593295c7b0
	https://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa