cve/published/2022/CVE-2022-49098.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49098: Drivers: hv: vmbus: Fix potential crash on module unload

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 Drivers: hv: vmbus: Fix potential crash on module unload

 The vmbus driver relies on the panic notifier infrastructure to perform
 some operations when a panic event is detected. Since vmbus can be built
 as module, it is required that the driver handles both registering and
 unregistering such panic notifier callback.

 After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback")
 though, the panic notifier registration is done unconditionally in the module
 initialization routine whereas the unregistering procedure is conditionally
 guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability
 is set.

 This patch fixes that by unconditionally unregistering the panic notifier
 in the module's exit routine as well.

 The Linux kernel CVE team has assigned CVE-2022-49098 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19.118 with commit 5e059fc0f054309036d3f612bc8b0a502ca58545 and fixed in 4.19.238 with commit 6b4c0149a56147b29169e07000d566162892722a
 	Issue introduced in 5.4.35 with commit 9f38f7b46de0747c1909e8c557aa21715dce20c5 and fixed in 5.4.189 with commit 2133c422a103cf7c7768c37b9ac382e73b691892
 	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.10.111 with commit cf580d2e3884dbafd6b90269b03a24d661578624
 	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.15.34 with commit dcd6b1a624c0ffa21034d8b1e02e9d068458f596
 	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.16.20 with commit 5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2
 	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.17.3 with commit 3d0078f8bddd58d9bb1ad40bbe929f8633abb276
 	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.18 with commit 792f232d57ff28bbd5f9c4abe0466b23d5879dc8
 	Issue introduced in 5.6.7 with commit caeeb3787167c884b955404a7e669fd77f267e44

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49098
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/hv/vmbus_drv.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/6b4c0149a56147b29169e07000d566162892722a
 	https://git.kernel.org/stable/c/2133c422a103cf7c7768c37b9ac382e73b691892
 	https://git.kernel.org/stable/c/cf580d2e3884dbafd6b90269b03a24d661578624
 	https://git.kernel.org/stable/c/dcd6b1a624c0ffa21034d8b1e02e9d068458f596
 	https://git.kernel.org/stable/c/5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2
 	https://git.kernel.org/stable/c/3d0078f8bddd58d9bb1ad40bbe929f8633abb276
 	https://git.kernel.org/stable/c/792f232d57ff28bbd5f9c4abe0466b23d5879dc8
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49098: Drivers: hv: vmbus: Fix potential crash on module unload

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	Drivers: hv: vmbus: Fix potential crash on module unload

	The vmbus driver relies on the panic notifier infrastructure to perform
	some operations when a panic event is detected. Since vmbus can be built
	as module, it is required that the driver handles both registering and
	unregistering such panic notifier callback.

	After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback")
	though, the panic notifier registration is done unconditionally in the module
	initialization routine whereas the unregistering procedure is conditionally
	guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability
	is set.

	This patch fixes that by unconditionally unregistering the panic notifier
	in the module's exit routine as well.

	The Linux kernel CVE team has assigned CVE-2022-49098 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19.118 with commit 5e059fc0f054309036d3f612bc8b0a502ca58545 and fixed in 4.19.238 with commit 6b4c0149a56147b29169e07000d566162892722a
	Issue introduced in 5.4.35 with commit 9f38f7b46de0747c1909e8c557aa21715dce20c5 and fixed in 5.4.189 with commit 2133c422a103cf7c7768c37b9ac382e73b691892
	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.10.111 with commit cf580d2e3884dbafd6b90269b03a24d661578624
	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.15.34 with commit dcd6b1a624c0ffa21034d8b1e02e9d068458f596
	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.16.20 with commit 5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2
	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.17.3 with commit 3d0078f8bddd58d9bb1ad40bbe929f8633abb276
	Issue introduced in 5.7 with commit 74347a99e73ae00b8385f1209aaea193c670f901 and fixed in 5.18 with commit 792f232d57ff28bbd5f9c4abe0466b23d5879dc8
	Issue introduced in 5.6.7 with commit caeeb3787167c884b955404a7e669fd77f267e44

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49098
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/hv/vmbus_drv.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/6b4c0149a56147b29169e07000d566162892722a
	https://git.kernel.org/stable/c/2133c422a103cf7c7768c37b9ac382e73b691892
	https://git.kernel.org/stable/c/cf580d2e3884dbafd6b90269b03a24d661578624
	https://git.kernel.org/stable/c/dcd6b1a624c0ffa21034d8b1e02e9d068458f596
	https://git.kernel.org/stable/c/5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2
	https://git.kernel.org/stable/c/3d0078f8bddd58d9bb1ad40bbe929f8633abb276
	https://git.kernel.org/stable/c/792f232d57ff28bbd5f9c4abe0466b23d5879dc8