cve/published/2022/CVE-2022-49852.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.1.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49852: riscv: process: fix kernel info leakage

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 riscv: process: fix kernel info leakage

 thread_struct's s[12] may contain random kernel memory content, which
 may be finally leaked to userspace. This is a security hole. Fix it
 by clearing the s[12] array in thread_struct when fork.

 As for kthread case, it's better to clear the s[12] array as well.

 The Linux kernel CVE team has assigned CVE-2022-49852 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 4.19.267 with commit c4601d30f7d989b4f354df899ab85b5f7a750d30
 	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 5.4.225 with commit c5c0b3167537793a7cf936fb240366eefd2fc7fb
 	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 5.10.155 with commit e56d18a976dda653194218df6d40d8122c775712
 	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 5.15.79 with commit cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
 	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 6.0.9 with commit 358a68f98304b40b201ba5afe94c20355aa3dc68
 	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 6.1 with commit 6510c78490c490a6636e48b61eeaa6fb65981f4b

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49852
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	arch/riscv/kernel/process.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
 	https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
 	https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712
 	https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
 	https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
 	https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b
	From bippy-1.1.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49852: riscv: process: fix kernel info leakage

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	riscv: process: fix kernel info leakage

	thread_struct's s[12] may contain random kernel memory content, which
	may be finally leaked to userspace. This is a security hole. Fix it
	by clearing the s[12] array in thread_struct when fork.

	As for kthread case, it's better to clear the s[12] array as well.

	The Linux kernel CVE team has assigned CVE-2022-49852 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 4.19.267 with commit c4601d30f7d989b4f354df899ab85b5f7a750d30
	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 5.4.225 with commit c5c0b3167537793a7cf936fb240366eefd2fc7fb
	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 5.10.155 with commit e56d18a976dda653194218df6d40d8122c775712
	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 5.15.79 with commit cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 6.0.9 with commit 358a68f98304b40b201ba5afe94c20355aa3dc68
	Issue introduced in 4.15 with commit 7db91e57a0acde126a162ababfb1e0ab190130cb and fixed in 6.1 with commit 6510c78490c490a6636e48b61eeaa6fb65981f4b

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49852
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	arch/riscv/kernel/process.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
	https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
	https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712
	https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
	https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
	https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b