ACK: [SRU][J][PATCH 0/1] CVE-2022-49267
Tim Whisonant
tim.whisonant at canonical.com
Thu Jan 15 00:23:05 UTC 2026
On Wed, Jan 14, 2026 at 04:25:55PM -0500, Alice C. Munduruca wrote:
> [ Impact ]
>
> sprintf() is vulnerable to a buffer overflow and thus should not
> be used. sysfs_emit() should be used instead in MMC.
>
> [ Fix ]
>
> jammy: Backported from upstream commit.
> focal: PR will be sent to forgejo.
>
> [ Tests ]
>
> Compile and boot tested. (+stress-ng cpu, iomix)
>
> [ Where problems could occur ]
>
> Regressions are unlikely since the only change from the original
> patch is ignoring a missing include from the parent commit, and that
> patch has been well tested upstream. If that were to occur, a
> regression would probably be limited to the MMC subsystem.
>
> Sergey Shtylyov (1):
> mmc: core: use sysfs_emit() instead of sprintf()
>
> drivers/mmc/core/bus.c | 9 +++++----
> drivers/mmc/core/bus.h | 3 ++-
> drivers/mmc/core/mmc.c | 16 ++++++++--------
> drivers/mmc/core/sd.c | 25 ++++++++++++-------------
> drivers/mmc/core/sdio.c | 5 +++--
> drivers/mmc/core/sdio_bus.c | 7 ++++---
> 6 files changed, 34 insertions(+), 31 deletions(-)
>
> --
> 2.51.0
>
Acked-by: Tim Whisonant <tim.whisonant at canonical.com>
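
Added example, not part of this thread or of the upstream patch: a userspace C model of the bound that sysfs_emit() enforces and sprintf() does not, for the replacement described in the cover letter. The names model_sysfs_emit, emit_attr_of_length and pages are hypothetical, the 4 KiB page size is an assumption, and the attribute values are constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u /* assumption: 4 KiB pages */

/* Two adjacent pages: [0] plays the sysfs buffer, [1] is a guard page. */
static _Alignas(4096) char pages[2][MODEL_PAGE_SIZE];

/* Model of sysfs_emit(): reject a NULL or non-page-aligned buffer, never
 * write past one page, and return the bytes actually stored (excluding
 * the NUL), as vscnprintf() does, not the length the output wanted. */
static int model_sysfs_emit(char *buf, const char *fmt, ...)
{
    va_list args;
    int len;

    if (!buf || ((uintptr_t)buf % MODEL_PAGE_SIZE) != 0)
        return 0; /* the kernel additionally WARNs here */

    va_start(args, fmt);
    len = vsnprintf(buf, MODEL_PAGE_SIZE, fmt, args);
    va_end(args);

    if (len < 0)
        return 0;
    if ((unsigned)len >= MODEL_PAGE_SIZE)
        len = MODEL_PAGE_SIZE - 1; /* truncated: report what fits */
    return len;
}

/* Constructed "show" callback: emit n 'A' characters plus a newline.
 * Returns the emitted length, or -1 if the guard page was touched. */
static int emit_attr_of_length(size_t n)
{
    char *value = malloc(n + 1);
    int len;

    if (!value)
        return -1;
    memset(value, 'A', n);
    value[n] = '\0';
    memset(pages, 0x5a, sizeof(pages));
    len = model_sysfs_emit(pages[0], "%s\n", value);
    free(value);
    return pages[1][0] == 0x5a ? len : -1;
}
```

With the same 5000-character value, sprintf() into pages[0] would store 5002 bytes and run into the guard page; the bounded call truncates at 4095 and leaves it intact.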