| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2022-49301: staging: rtl8712: fix uninit-value in usb_read8() and friends |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| staging: rtl8712: fix uninit-value in usb_read8() and friends |
| |
| When r8712_usbctrl_vendorreq() returns negative, 'data' in |
| usb_read{8,16,32} will not be initialized. |
| |
| BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] |
| BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 |
| string_nocheck lib/vsprintf.c:643 [inline] |
| string+0x4ec/0x6f0 lib/vsprintf.c:725 |
| vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 |
| va_format lib/vsprintf.c:1704 [inline] |
| pointer+0x18e6/0x1f70 lib/vsprintf.c:2443 |
| vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810 |
| vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158 |
| vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256 |
| dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604 |
| dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615 |
| __dev_printk+0x3be/0x440 drivers/base/core.c:4627 |
| _dev_info+0x1ea/0x22f drivers/base/core.c:4673 |
| r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401 |
| usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 |
| really_probe+0x6c7/0x1350 drivers/base/dd.c:621 |
| __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 |
| driver_probe_device drivers/base/dd.c:782 [inline] |
| __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 |
| bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 |
| __device_attach+0x593/0x8e0 drivers/base/dd.c:970 |
| device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 |
| bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 |
| device_add+0x1fff/0x26e0 drivers/base/core.c:3405 |
| usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170 |
| usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238 |
| usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293 |
| really_probe+0x6c7/0x1350 drivers/base/dd.c:621 |
| __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 |
| driver_probe_device drivers/base/dd.c:782 [inline] |
| __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 |
| bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 |
| __device_attach+0x593/0x8e0 drivers/base/dd.c:970 |
| device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 |
| bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 |
| device_add+0x1fff/0x26e0 drivers/base/core.c:3405 |
| usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566 |
| hub_port_connect drivers/usb/core/hub.c:5363 [inline] |
| hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] |
| port_event drivers/usb/core/hub.c:5665 [inline] |
| hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747 |
| process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289 |
| worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436 |
| kthread+0x3c7/0x500 kernel/kthread.c:376 |
| ret_from_fork+0x1f/0x30 |
| |
| Local variable data created at: |
| usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33 |
| r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29 |
| |
| KMSAN: uninit-value in r871xu_drv_init |
| https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8 |
| |
| The Linux kernel CVE team has assigned CVE-2022-49301 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 5.4.198 with commit 58762f1c63c75cbe1dc393eed3c9cf8e38310ca1 |
| Fixed in 5.10.122 with commit 33ef21d55418ab6a62a63fd550b2dbe297433372 |
| Fixed in 5.15.47 with commit 95b0f54f8a898072a2810c05fab34d971f23a612 |
| Fixed in 5.17.15 with commit d7ed3c85da0b230bcdf5329acfe012ed093f3daa |
| Fixed in 5.18.4 with commit de075af8c404f7d59ed34df230aedd9f645fb846 |
| Fixed in 5.19 with commit d1b57669732d09da7e13ef86d058dab0cd57f6e0 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2022-49301 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/staging/rtl8712/usb_ops.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1 |
| https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372 |
| https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612 |
| https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daa |
| https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846 |
| https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0 |
