CVE-2022-50621

Summary

In the Linux kernel, the following vulnerability has been resolved:

dm: verity-loadpin: Only trust verity targets with enforcement

Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configured to perform some kind of enforcement when data corruption is detected, like returning an error, restarting the system or triggering a panic.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb6c1c5745ccc68ac5d57c7ffb51ea25a86d0e97b < cb1f5b76e39d86c98722696bdf632987aa777b83affected
LinuxLinuxb6c1c5745ccc68ac5d57c7ffb51ea25a86d0e97b < 916ef6232cc4b84db7082b4c3d3cf1753d9462baaffected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.0.3 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References