[SRU][F][PATCH 0/1] CVE-2022-48938
Bethany Jamison
bethany.jamison at canonical.com
Thu Oct 24 22:06:24 UTC 2024
[Impact]
A broken device may give an extreme offset like 0xFFF0
and a reasonable length for a fragment. In the sanity
check as formulated now, this will create an integer
overflow, defeating the sanity check. Both offset
and offset + len need to be checked in such a manner
that no overflow can occur.
And those quantities should be unsigned.
[Fix]
Noble: not-affected
Jammy: not-affected
Focal: Clean cherry-pick from linux-5.10.y
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: won't fix
[Test Case]
Compile tested.
[Where problems could occur]
This fix affects those who use the Network Control Model (NCM)
USB host driver. An issue with this fix would be visible to
the user via unpredicted system behavior or memory corruption.
Oliver Neukum (1):
CDC-NCM: avoid overflow in sanity checking
drivers/net/usb/cdc_ncm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--
2.34.1