cve/published/2022/CVE-2022-49642.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49642: net: stmmac: dwc-qos: Disable split header for Tegra194

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: stmmac: dwc-qos: Disable split header for Tegra194

 There is a long-standing issue with the Synopsys DWC Ethernet driver
 for Tegra194 where random system crashes have been observed [0]. The
 problem occurs when the split header feature is enabled in the stmmac
 driver. In the bad case, a larger than expected buffer length is
 received and causes the calculation of the total buffer length to
 overflow. This results in a very large buffer length that causes the
 kernel to crash. Why this larger buffer length is received is not clear,
 however, the feedback from the NVIDIA design team is that the split
 header feature is not supported for Tegra194. Therefore, disable split
 header support for Tegra194 to prevent these random crashes from
 occurring.

 [0] https://lore.kernel.org/linux-tegra/b0b17697-f23e-8fa5-3757-604a86f3a095@nvidia.com/

 The Linux kernel CVE team has assigned CVE-2022-49642 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.4.207 with commit 2968830c9b47ce093237483c6207c61065712386
 	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.10.132 with commit 9cc8edc571b871d974b3289868553f9ce544aba6
 	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.15.56 with commit d5c315a787652c35045044877a249f7d5c8a4104
 	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.18.13 with commit cfa4caf3e881ad6dd366c903c34f1c7f21b857ab
 	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.19 with commit 029c1c2059e9c4b38f97a06204cdecd10cfbeb8a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49642
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/ethernet/stmicro/stmmac/dwmac-dwc-qos-eth.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/2968830c9b47ce093237483c6207c61065712386
 	https://git.kernel.org/stable/c/9cc8edc571b871d974b3289868553f9ce544aba6
 	https://git.kernel.org/stable/c/d5c315a787652c35045044877a249f7d5c8a4104
 	https://git.kernel.org/stable/c/cfa4caf3e881ad6dd366c903c34f1c7f21b857ab
 	https://git.kernel.org/stable/c/029c1c2059e9c4b38f97a06204cdecd10cfbeb8a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49642: net: stmmac: dwc-qos: Disable split header for Tegra194

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: stmmac: dwc-qos: Disable split header for Tegra194

	There is a long-standing issue with the Synopsys DWC Ethernet driver
	for Tegra194 where random system crashes have been observed [0]. The
	problem occurs when the split header feature is enabled in the stmmac
	driver. In the bad case, a larger than expected buffer length is
	received and causes the calculation of the total buffer length to
	overflow. This results in a very large buffer length that causes the
	kernel to crash. Why this larger buffer length is received is not clear,
	however, the feedback from the NVIDIA design team is that the split
	header feature is not supported for Tegra194. Therefore, disable split
	header support for Tegra194 to prevent these random crashes from
	occurring.

	[0] https://lore.kernel.org/linux-tegra/b0b17697-f23e-8fa5-3757-604a86f3a095@nvidia.com/

	The Linux kernel CVE team has assigned CVE-2022-49642 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.4.207 with commit 2968830c9b47ce093237483c6207c61065712386
	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.10.132 with commit 9cc8edc571b871d974b3289868553f9ce544aba6
	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.15.56 with commit d5c315a787652c35045044877a249f7d5c8a4104
	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.18.13 with commit cfa4caf3e881ad6dd366c903c34f1c7f21b857ab
	Issue introduced in 5.4 with commit 67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee and fixed in 5.19 with commit 029c1c2059e9c4b38f97a06204cdecd10cfbeb8a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49642
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/ethernet/stmicro/stmmac/dwmac-dwc-qos-eth.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/2968830c9b47ce093237483c6207c61065712386
	https://git.kernel.org/stable/c/9cc8edc571b871d974b3289868553f9ce544aba6
	https://git.kernel.org/stable/c/d5c315a787652c35045044877a249f7d5c8a4104
	https://git.kernel.org/stable/c/cfa4caf3e881ad6dd366c903c34f1c7f21b857ab
	https://git.kernel.org/stable/c/029c1c2059e9c4b38f97a06204cdecd10cfbeb8a