CVE-2022-50567
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: jfs: fix shift-out-of-bounds in dbAllocAG
Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug is the missing check of bmp->db_agl2size. The field can be greater than 64 and trigger the shift-out-of-bounds.
Fix this bug by adding a check of bmp->db_agl2size in dbMount since this field is used in many following functions. The upper bound for this field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp. Note that, for maintenance, I reorganized error handling code of dbMount.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d3b486946a4e62c7ef6023f7d9c1d049051384ba | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3115313cf03113e87c87adee18ee49a20bbdb9ba | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < eea87acb6027be3dd4d3c57186bb22800d57fdda | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 359616ce587e524107730504891afa4b1a8be58c | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0536f76a2bca83d1a3740517ba22cc93a44b3099 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2c575c8905f7a8b32d5611b91856b69bac2a5bf1 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67973caae78e21ee46a7281aaa8ca364eb9c444f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 898f706695682b9954f280d95e49fa86ffa55d08 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.9.337 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.303 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.270 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.229 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.163 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.86 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.16 <= 6.0.* | unaffected |
| Linux | Linux | 6.1.2 <= 6.1.* | unaffected |
| Linux | Linux | 6.2 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/d3b486946a4e62c7ef6023f7d9c1d049051384ba
- https://git.kernel.org/stable/c/3115313cf03113e87c87adee18ee49a20bbdb9ba
- https://git.kernel.org/stable/c/eea87acb6027be3dd4d3c57186bb22800d57fdda
- https://git.kernel.org/stable/c/359616ce587e524107730504891afa4b1a8be58c
- https://git.kernel.org/stable/c/3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd
- https://git.kernel.org/stable/c/0536f76a2bca83d1a3740517ba22cc93a44b3099
- https://git.kernel.org/stable/c/2c575c8905f7a8b32d5611b91856b69bac2a5bf1
- https://git.kernel.org/stable/c/67973caae78e21ee46a7281aaa8ca364eb9c444f
- https://git.kernel.org/stable/c/898f706695682b9954f280d95e49fa86ffa55d08
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.