CVE-2022-50569
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Update ipcomp_scratches with NULL when freed
Currently if ipcomp_alloc_scratches() fails to allocate memory ipcomp_scratches holds obsolete address. So when we try to free the percpu scratches using ipcomp_free_scratches() it tries to vfree non existent vm area. Described below:
static void * __percpu *ipcomp_alloc_scratches(void) { … scratches = alloc_percpu(void *); if (!scratches) return NULL; ipcomp_scratches does not know about this allocation failure. Therefore holding the old obsolete address. … }
So when we free,
static void ipcomp_free_scratches(void) { … scratches = ipcomp_scratches; Assigning obsolete address from ipcomp_scratches
if (!scratches)
return;
for_each_possible_cpu(i)
vfree(*per_cpu_ptr(scratches, i));
Trying to free non existent page, causing warning: trying to vfree existent vm area. … }
Fix this breakage by updating ipcomp_scrtches with NULL when scratches is freed
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < debca61df6bc2f65e020656c9c5b878d6b38d30f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a39f456d62810c0efb43cead22f98d95b53e4b1a | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1e8abde895b3ac6a368cbdb372e8800c49e73a28 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 18373ed500f7cd53e24d9b0bd0f1c09d78dba87e | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < be81c44242b20fc3bdcc73480ef8aaee56f5d0b6 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 03155680191ef0f004b1d6a5714c5b8cd271ab61 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f3bdba4440d82e0da2b1bfc35d3836c8a8e00677 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2c19945ce8095d065df550e7fe350cd5cc40c6e6 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8a04d2fc700f717104bfb95b0f6694e448a4537f | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.9.331 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.296 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.262 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.220 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.150 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.75 <= 5.15.* | unaffected |
| Linux | Linux | 5.19.17 <= 5.19.* | unaffected |
| Linux | Linux | 6.0.3 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/debca61df6bc2f65e020656c9c5b878d6b38d30f
- https://git.kernel.org/stable/c/a39f456d62810c0efb43cead22f98d95b53e4b1a
- https://git.kernel.org/stable/c/1e8abde895b3ac6a368cbdb372e8800c49e73a28
- https://git.kernel.org/stable/c/18373ed500f7cd53e24d9b0bd0f1c09d78dba87e
- https://git.kernel.org/stable/c/be81c44242b20fc3bdcc73480ef8aaee56f5d0b6
- https://git.kernel.org/stable/c/03155680191ef0f004b1d6a5714c5b8cd271ab61
- https://git.kernel.org/stable/c/f3bdba4440d82e0da2b1bfc35d3836c8a8e00677
- https://git.kernel.org/stable/c/2c19945ce8095d065df550e7fe350cd5cc40c6e6
- https://git.kernel.org/stable/c/8a04d2fc700f717104bfb95b0f6694e448a4537f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.