Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2022 / CVE-2022-49862.json
blob: 2850c7f08ac03c019aa64836a385c127d00a7733 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header\n\nThis is a follow-up for commit 974cb0e3e7c9 (\"tipc: fix uninit-value\nin tipc_nl_compat_name_table_dump\") where it should have type casted\nsizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative\nvalue.\n\nsyzbot reported a call trace because of it:\n\n BUG: KMSAN: uninit-value in ...\n tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934\n __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238\n tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321\n tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324\n genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]\n genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792\n netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501\n genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/tipc/netlink_compat.c"
],
"versions": [
{
"version": "4c559fb7e111077b56f62ccf833a52d8169cde19",
"lessThan": "082707d3df191bf5bb8801d43e4ce3dea39ca173",
"status": "affected",
"versionType": "git"
},
{
"version": "2aae1723dea1235ffef183daf0694805297424f6",
"lessThan": "a0ead1d648df9c456baec832b494513ef405949a",
"status": "affected",
"versionType": "git"
},
{
"version": "2d5fc1d492d194aa2986c5a9d8a48a60e9143a72",
"lessThan": "55a253a6753a603e80b95932ca971ba514aa6ce7",
"status": "affected",
"versionType": "git"
},
{
"version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
"lessThan": "36769b9477491a7af6635863bd950309c1e1b96c",
"status": "affected",
"versionType": "git"
},
{
"version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
"lessThan": "f31dd158580940938f77514b87337a777520185a",
"status": "affected",
"versionType": "git"
},
{
"version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
"lessThan": "301caa06091af4d5cf056ac8249cbda4e6029c6a",
"status": "affected",
"versionType": "git"
},
{
"version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
"lessThan": "6cee2c60bd168279852ac7dbe54c2b70d1028644",
"status": "affected",
"versionType": "git"
},
{
"version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
"lessThan": "1c075b192fe41030457cd4a5f7dea730412bca40",
"status": "affected",
"versionType": "git"
},
{
"version": "c25352f9ad5dffb4de95069e67891e2aa2e99e50",
"status": "affected",
"versionType": "git"
},
{
"version": "5486e8d46560ca2b4d86cbd7d3a66d9913b2ac65",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/tipc/netlink_compat.c"
],
"versions": [
{
"version": "5.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.334",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.300",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.155",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.79",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.9",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.152",
"versionEndExcluding": "4.9.334"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.95",
"versionEndExcluding": "4.14.300"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.17",
"versionEndExcluding": "4.19.267"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.4.225"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.10.155"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.15.79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "6.0.9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "6.1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.172"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/082707d3df191bf5bb8801d43e4ce3dea39ca173"
},
{
"url": "https://git.kernel.org/stable/c/a0ead1d648df9c456baec832b494513ef405949a"
},
{
"url": "https://git.kernel.org/stable/c/55a253a6753a603e80b95932ca971ba514aa6ce7"
},
{
"url": "https://git.kernel.org/stable/c/36769b9477491a7af6635863bd950309c1e1b96c"
},
{
"url": "https://git.kernel.org/stable/c/f31dd158580940938f77514b87337a777520185a"
},
{
"url": "https://git.kernel.org/stable/c/301caa06091af4d5cf056ac8249cbda4e6029c6a"
},
{
"url": "https://git.kernel.org/stable/c/6cee2c60bd168279852ac7dbe54c2b70d1028644"
},
{
"url": "https://git.kernel.org/stable/c/1c075b192fe41030457cd4a5f7dea730412bca40"
}
],
"title": "tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2022-49862",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}