CVE-2022-50299
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: Replace snprintf with scnprintf
Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression “200 – len” to wrap around to a large positive number. Fix this by using scnprintf() instead, which returns the actual number of characters written into the buffer.
[ 1513.267938] ————[ cut here ]———— [ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510 [ 1513.267944] Modules linked in: <snip> [ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu [ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510 <-snip-> [ 1513.267982] Call Trace: [ 1513.267986] snprintf+0x45/0x70 [ 1513.267990] ? disk_name+0x71/0xa0 [ 1513.267993] dump_zones+0x114/0x240 [raid0] [ 1513.267996] ? _cond_resched+0x19/0x40 [ 1513.267998] raid0_run+0x19e/0x270 [raid0] [ 1513.268000] md_run+0x5e0/0xc50 [ 1513.268003] ? security_capable+0x3f/0x60 [ 1513.268005] do_md_run+0x19/0x110 [ 1513.268006] md_ioctl+0x195e/0x1f90 [ 1513.268007] blkdev_ioctl+0x91f/0x9f0 [ 1513.268010] block_ioctl+0x3d/0x50 [ 1513.268012] do_vfs_ioctl+0xa9/0x640 [ 1513.268014] ? __fput+0x162/0x260 [ 1513.268016] ksys_ioctl+0x75/0x80 [ 1513.268017] __x64_sys_ioctl+0x1a/0x20 [ 1513.268019] do_syscall_64+0x5e/0x200 [ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < 3b0a2bd51f60418ecd67493586a2bb2174199de3 | affected |
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < 897b1450abe5a67c842a5d24173ce4449ccdfa94 | affected |
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < 97238b88583c27c9d3b4a0cedb45f816523f17c3 | affected |
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < 76694e9ce0b2238c0a5f3ba54f9361dd3770ec78 | affected |
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < 5d8259c9d1915a50c60c7d6e9e7fb9b7da64a175 | affected |
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < 41ca95033a0c47cd6dace1f0a36a6eb5ebe799e6 | affected |
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < f95825c4e51cf9a653b0ef947ac78401fc9d3a40 | affected |
| Linux | Linux | 766038846e875740cf4c20dfc5d5b292ba47360a < 1727fd5015d8f93474148f94e34cda5aa6ad4a43 | affected |
| Linux | Linux | 4.10 | affected |
| Linux | Linux | 0 < 4.10 | unaffected |
| Linux | Linux | 4.14.296 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.262 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.220 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.150 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.75 <= 5.15.* | unaffected |
| Linux | Linux | 5.19.17 <= 5.19.* | unaffected |
| Linux | Linux | 6.0.3 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/3b0a2bd51f60418ecd67493586a2bb2174199de3
- https://git.kernel.org/stable/c/897b1450abe5a67c842a5d24173ce4449ccdfa94
- https://git.kernel.org/stable/c/97238b88583c27c9d3b4a0cedb45f816523f17c3
- https://git.kernel.org/stable/c/76694e9ce0b2238c0a5f3ba54f9361dd3770ec78
- https://git.kernel.org/stable/c/5d8259c9d1915a50c60c7d6e9e7fb9b7da64a175
- https://git.kernel.org/stable/c/41ca95033a0c47cd6dace1f0a36a6eb5ebe799e6
- https://git.kernel.org/stable/c/f95825c4e51cf9a653b0ef947ac78401fc9d3a40
- https://git.kernel.org/stable/c/1727fd5015d8f93474148f94e34cda5aa6ad4a43
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.