cve/published/2022/CVE-2022-48966.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-48966: net: mvneta: Prevent out of bounds read in mvneta_config_rss()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: mvneta: Prevent out of bounds read in mvneta_config_rss()

 The pp->indir[0] value comes from the user.  It is passed to:

 	if (cpu_online(pp->rxq_def))

 inside the mvneta_percpu_elect() function.  It needs bounds checkeding
 to ensure that it is not beyond the end of the cpu bitmap.

 The Linux kernel CVE team has assigned CVE-2022-48966 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 4.9.336 with commit 3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 4.14.302 with commit 47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c
 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 4.19.269 with commit 5a142486a0db6b0b85031f22d69acd0cdcf8f72b
 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 5.4.227 with commit eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50
 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 5.10.159 with commit 146ebee8fcdb349d7ec0e49915e6cdafb92544ae
 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 5.15.83 with commit a6b30598fec84f8809f5417cde73071ca43e8471
 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 6.0.13 with commit 6ca0a506dddc3e1d636935eef339576b263bf3d8
 	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 6.1 with commit e8b4fc13900b8e8be48debffd0dfd391772501f7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-48966
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/ethernet/marvell/mvneta.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
 	https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c
 	https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b
 	https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50
 	https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae
 	https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471
 	https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8
 	https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-48966: net: mvneta: Prevent out of bounds read in mvneta_config_rss()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: mvneta: Prevent out of bounds read in mvneta_config_rss()

	The pp->indir[0] value comes from the user. It is passed to:

	if (cpu_online(pp->rxq_def))

	inside the mvneta_percpu_elect() function. It needs bounds checkeding
	to ensure that it is not beyond the end of the cpu bitmap.

	The Linux kernel CVE team has assigned CVE-2022-48966 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 4.9.336 with commit 3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 4.14.302 with commit 47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c
	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 4.19.269 with commit 5a142486a0db6b0b85031f22d69acd0cdcf8f72b
	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 5.4.227 with commit eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50
	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 5.10.159 with commit 146ebee8fcdb349d7ec0e49915e6cdafb92544ae
	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 5.15.83 with commit a6b30598fec84f8809f5417cde73071ca43e8471
	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 6.0.13 with commit 6ca0a506dddc3e1d636935eef339576b263bf3d8
	Issue introduced in 4.5 with commit cad5d847a093077b499a8b0bbfe6804b9226c03e and fixed in 6.1 with commit e8b4fc13900b8e8be48debffd0dfd391772501f7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48966
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/ethernet/marvell/mvneta.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
	https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c
	https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b
	https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50
	https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae
	https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471
	https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8
	https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7