CVE-2022-49147
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: Fix the maximum minor value is blk_alloc_ext_minor()
ida_alloc_range(…, min, max, …) returns values from min to max, inclusive.
So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor().
This is an issue because in device_add_disk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->first_minor); and NR_EXT_DEVT is '(1 << MINORBITS)'.
So, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 22ae8ce8b89241c94ac00c237752c0ffa37ba5ae < 5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb | affected |
| Linux | Linux | 22ae8ce8b89241c94ac00c237752c0ffa37ba5ae < 0f8cf8f5ccbad25ed6828875b222dbab29d5c272 | affected |
| Linux | Linux | 22ae8ce8b89241c94ac00c237752c0ffa37ba5ae < fbe2cc4525480ddd20c866bb5c0578071e01451a | affected |
| Linux | Linux | 22ae8ce8b89241c94ac00c237752c0ffa37ba5ae < d1868328dec5ae2cf210111025fcbc71f78dd5ca | affected |
| Linux | Linux | 5.11 | affected |
| Linux | Linux | 0 < 5.11 | unaffected |
| Linux | Linux | 5.15.33 <= 5.15.* | unaffected |
| Linux | Linux | 5.16.19 <= 5.16.* | unaffected |
| Linux | Linux | 5.17.2 <= 5.17.* | unaffected |
| Linux | Linux | 5.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb
- https://git.kernel.org/stable/c/0f8cf8f5ccbad25ed6828875b222dbab29d5c272
- https://git.kernel.org/stable/c/fbe2cc4525480ddd20c866bb5c0578071e01451a
- https://git.kernel.org/stable/c/d1868328dec5ae2cf210111025fcbc71f78dd5ca
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.