cve/published/2022/CVE-2022-49344.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49344: af_unix: Fix a data-race in unix_dgram_peer_wake_me().

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 af_unix: Fix a data-race in unix_dgram_peer_wake_me().

 unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s
 lock held and check if its receive queue is full.  Here we need to
 use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise
 KCSAN will report a data-race.

 The Linux kernel CVE team has assigned CVE-2022-49344 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 4.19.247 with commit 95f0ba806277733bf6024e23e27e1be773701cca
 	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.4.198 with commit 556720013c36c193d9cbfb06e7b33e51f0c39fbf
 	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.10.122 with commit c61848500a3fd6867dfa4834b8c7f97133eceb9f
 	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.15.47 with commit c926ae58f24f7bd55aa2ea4add9f952032507913
 	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.17.15 with commit 71e8bfc7f838cabc60cba24e09ca84c4f8321ab2
 	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.18.4 with commit 8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6
 	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.19 with commit 662a80946ce13633ae90a55379f1346c10f0c432
 	Issue introduced in 2.6.32.70 with commit 60bc010667ef06e0fb08d5ec599c0977adc2ac72
 	Issue introduced in 3.2.75 with commit a3b0f6e8a21ef02f69a15abac440572d8cde8c2a
 	Issue introduced in 3.4.111 with commit ec54d5ae9d298abf01c273233de9f2bc25d80475
 	Issue introduced in 3.10.95 with commit da8db0830a2ce63f628150307a01a315f5081202
 	Issue introduced in 3.12.52 with commit 9964b4c4ee925b2910723e509abd7241cff1ef84
 	Issue introduced in 3.14.59 with commit 9d054f57adc981a5f503d5eb9b259aa450b90dc5
 	Issue introduced in 3.18.26 with commit 72032798034d921ed565e3bf8dfdc3098f6473e2
 	Issue introduced in 4.1.15 with commit 5c77e26862ce604edea05b3442ed765e9756fe0f
 	Issue introduced in 4.2.8 with commit bad967fdd8ecbdd171f5f243657be033d2d081a7
 	Issue introduced in 4.3.3 with commit 58a6a46a036ce81a2a8ecaa6fc1537c894349e3f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49344
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/unix/af_unix.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca
 	https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf
 	https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f
 	https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913
 	https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2
 	https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6
 	https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49344: af_unix: Fix a data-race in unix_dgram_peer_wake_me().

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	af_unix: Fix a data-race in unix_dgram_peer_wake_me().

	unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s
	lock held and check if its receive queue is full. Here we need to
	use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise
	KCSAN will report a data-race.

	The Linux kernel CVE team has assigned CVE-2022-49344 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 4.19.247 with commit 95f0ba806277733bf6024e23e27e1be773701cca
	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.4.198 with commit 556720013c36c193d9cbfb06e7b33e51f0c39fbf
	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.10.122 with commit c61848500a3fd6867dfa4834b8c7f97133eceb9f
	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.15.47 with commit c926ae58f24f7bd55aa2ea4add9f952032507913
	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.17.15 with commit 71e8bfc7f838cabc60cba24e09ca84c4f8321ab2
	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.18.4 with commit 8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6
	Issue introduced in 4.4 with commit 7d267278a9ece963d77eefec61630223fce08c6c and fixed in 5.19 with commit 662a80946ce13633ae90a55379f1346c10f0c432
	Issue introduced in 2.6.32.70 with commit 60bc010667ef06e0fb08d5ec599c0977adc2ac72
	Issue introduced in 3.2.75 with commit a3b0f6e8a21ef02f69a15abac440572d8cde8c2a
	Issue introduced in 3.4.111 with commit ec54d5ae9d298abf01c273233de9f2bc25d80475
	Issue introduced in 3.10.95 with commit da8db0830a2ce63f628150307a01a315f5081202
	Issue introduced in 3.12.52 with commit 9964b4c4ee925b2910723e509abd7241cff1ef84
	Issue introduced in 3.14.59 with commit 9d054f57adc981a5f503d5eb9b259aa450b90dc5
	Issue introduced in 3.18.26 with commit 72032798034d921ed565e3bf8dfdc3098f6473e2
	Issue introduced in 4.1.15 with commit 5c77e26862ce604edea05b3442ed765e9756fe0f
	Issue introduced in 4.2.8 with commit bad967fdd8ecbdd171f5f243657be033d2d081a7
	Issue introduced in 4.3.3 with commit 58a6a46a036ce81a2a8ecaa6fc1537c894349e3f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49344
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/unix/af_unix.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/95f0ba806277733bf6024e23e27e1be773701cca
	https://git.kernel.org/stable/c/556720013c36c193d9cbfb06e7b33e51f0c39fbf
	https://git.kernel.org/stable/c/c61848500a3fd6867dfa4834b8c7f97133eceb9f
	https://git.kernel.org/stable/c/c926ae58f24f7bd55aa2ea4add9f952032507913
	https://git.kernel.org/stable/c/71e8bfc7f838cabc60cba24e09ca84c4f8321ab2
	https://git.kernel.org/stable/c/8801eb3ccd2e4e3b1a01449383e3321ae6dbd9d6
	https://git.kernel.org/stable/c/662a80946ce13633ae90a55379f1346c10f0c432