[SRU][J][PATCH 0/1] CVE-2022-49267
Alice C. Munduruca
alice.munduruca at canonical.com
Wed Jan 14 21:25:55 UTC 2026
[ Impact ]
sprintf() is vulnerable to a buffer overflow and thus should not
be used. sysfs_emit() should be used instead in MMC.
[ Fix ]
jammy: Backported from upstream commit.
focal: PR will be sent to forgejo.
[ Tests ]
Compile and boot tested. (+stress-ng cpu, iomix)
[ Where problems could occur ]
Regressions are unlikely since the only change from the original
patch is ignoring a missing include from the parent commit, and that
patch has been well tested upstream. If that were to occur, a
regression would probably be limited to the MMC subsystem.
Sergey Shtylyov (1):
mmc: core: use sysfs_emit() instead of sprintf()
drivers/mmc/core/bus.c | 9 +++++----
drivers/mmc/core/bus.h | 3 ++-
drivers/mmc/core/mmc.c | 16 ++++++++--------
drivers/mmc/core/sd.c | 25 ++++++++++++-------------
drivers/mmc/core/sdio.c | 5 +++--
drivers/mmc/core/sdio_bus.c | 7 ++++---
6 files changed, 34 insertions(+), 31 deletions(-)
--
2.51.0
More information about the kernel-team
mailing list