ACK: [SRU][J][PATCH 0/1] CVE-2022-49267
Benjamin Wheeler
benjamin.wheeler at canonical.com
Thu Jan 15 20:38:10 UTC 2026
Acked-by: Benjamin Wheeler <benjamin.wheeler at canonical.com>
On Wed, Jan 14, 2026 at 4:26 PM Alice C. Munduruca
<alice.munduruca at canonical.com> wrote:
>
> [ Impact ]
>
> sprintf() is vulnerable to a buffer overflow and thus should not
> be used. sysfs_emit() should be used instead in MMC.
>
> [ Fix ]
>
> jammy: Backported from upstream commit.
> focal: PR will be sent to forgejo.
>
> [ Tests ]
>
> Compile and boot tested. (+stress-ng cpu, iomix)
>
> [ Where problems could occur ]
>
> Regressions are unlikely since the only change from the original
> patch is ignoring a missing include from the parent commit, and that
> patch has been well tested upstream. If that were to occur, a
> regression would probably be limited to the MMC subsystem.
>
> Sergey Shtylyov (1):
> mmc: core: use sysfs_emit() instead of sprintf()
>
> drivers/mmc/core/bus.c | 9 +++++----
> drivers/mmc/core/bus.h | 3 ++-
> drivers/mmc/core/mmc.c | 16 ++++++++--------
> drivers/mmc/core/sd.c | 25 ++++++++++++-------------
> drivers/mmc/core/sdio.c | 5 +++--
> drivers/mmc/core/sdio_bus.c | 7 ++++---
> 6 files changed, 34 insertions(+), 31 deletions(-)
>
> --
> 2.51.0
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list