cve/published/2022/CVE-2022-49298.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49298: staging: rtl8712: fix uninit-value in r871xu_drv_init()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 staging: rtl8712: fix uninit-value in r871xu_drv_init()

 When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,
 'mac[6]' will not be initialized.

 BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
  r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
  usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
  really_probe+0x653/0x14b0 drivers/base/dd.c:596
  __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
  driver_probe_device drivers/base/dd.c:782 [inline]
  __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
  bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
  __device_attach+0x593/0x8e0 drivers/base/dd.c:970
  device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
  bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
  device_add+0x1fff/0x26e0 drivers/base/core.c:3405
  usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
  usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
  usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
  really_probe+0x653/0x14b0 drivers/base/dd.c:596
  __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
  driver_probe_device drivers/base/dd.c:782 [inline]
  __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
  bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
  __device_attach+0x593/0x8e0 drivers/base/dd.c:970
  device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
  bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
  device_add+0x1fff/0x26e0 drivers/base/core.c:3405
  usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566
  hub_port_connect drivers/usb/core/hub.c:5358 [inline]
  hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
  port_event drivers/usb/core/hub.c:5660 [inline]
  hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742
  process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
  worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
  kthread+0x3c7/0x500 kernel/kthread.c:377
  ret_from_fork+0x1f/0x30

 Local variable mac created at:
  r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394
  usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396

 KMSAN: uninit-value in r871xu_drv_init
 https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

 The Linux kernel CVE team has assigned CVE-2022-49298 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.9.318 with commit 0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
 	Fixed in 4.14.283 with commit 277faa442fe0c59f418ac53f47a78e1266addd65
 	Fixed in 4.19.247 with commit a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
 	Fixed in 5.4.198 with commit 52a0d88c328098b4e9fb8f2f3877fec0eff4104b
 	Fixed in 5.10.122 with commit ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
 	Fixed in 5.15.47 with commit f36e754a1f0bafb9feeea63463de78080acb6de0
 	Fixed in 5.17.15 with commit 76a964ad0ea8f2b10abd69a7532e174a28258283
 	Fixed in 5.18.4 with commit 70df04433fd351ba72bc635bd0b5fe443d9ac964
 	Fixed in 5.19 with commit 0458e5428e5e959d201a40ffe71d762a79ecedc4

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49298
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/staging/rtl8712/usb_intf.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
 	https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65
 	https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
 	https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b
 	https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
 	https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0
 	https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283
 	https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964
 	https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49298: staging: rtl8712: fix uninit-value in r871xu_drv_init()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	staging: rtl8712: fix uninit-value in r871xu_drv_init()

	When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,
	'mac[6]' will not be initialized.

	BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
	r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
	usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
	really_probe+0x653/0x14b0 drivers/base/dd.c:596
	__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
	driver_probe_device drivers/base/dd.c:782 [inline]
	__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
	bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
	__device_attach+0x593/0x8e0 drivers/base/dd.c:970
	device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
	bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
	device_add+0x1fff/0x26e0 drivers/base/core.c:3405
	usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
	usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
	usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
	really_probe+0x653/0x14b0 drivers/base/dd.c:596
	__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
	driver_probe_device drivers/base/dd.c:782 [inline]
	__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
	bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
	__device_attach+0x593/0x8e0 drivers/base/dd.c:970
	device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
	bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
	device_add+0x1fff/0x26e0 drivers/base/core.c:3405
	usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566
	hub_port_connect drivers/usb/core/hub.c:5358 [inline]
	hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
	port_event drivers/usb/core/hub.c:5660 [inline]
	hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742
	process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
	worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
	kthread+0x3c7/0x500 kernel/kthread.c:377
	ret_from_fork+0x1f/0x30

	Local variable mac created at:
	r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394
	usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396

	KMSAN: uninit-value in r871xu_drv_init
	https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

	The Linux kernel CVE team has assigned CVE-2022-49298 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.9.318 with commit 0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
	Fixed in 4.14.283 with commit 277faa442fe0c59f418ac53f47a78e1266addd65
	Fixed in 4.19.247 with commit a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
	Fixed in 5.4.198 with commit 52a0d88c328098b4e9fb8f2f3877fec0eff4104b
	Fixed in 5.10.122 with commit ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
	Fixed in 5.15.47 with commit f36e754a1f0bafb9feeea63463de78080acb6de0
	Fixed in 5.17.15 with commit 76a964ad0ea8f2b10abd69a7532e174a28258283
	Fixed in 5.18.4 with commit 70df04433fd351ba72bc635bd0b5fe443d9ac964
	Fixed in 5.19 with commit 0458e5428e5e959d201a40ffe71d762a79ecedc4

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49298
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/staging/rtl8712/usb_intf.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
	https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65
	https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
	https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b
	https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
	https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0
	https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283
	https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964
	https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4