mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
135 lines
9.1 KiB
JSON
135 lines
9.1 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2022-49261",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: add missing boundary check in vm_access\n\nA missing bounds check in vm_access() can lead to an out-of-bounds read\nor write in the adjacent memory area, since the len attribute is not\nvalidated before the memcpy later in the function, potentially hitting:\n\n[ 183.637831] BUG: unable to handle page fault for address: ffffc90000c86000\n[ 183.637934] #PF: supervisor read access in kernel mode\n[ 183.637997] #PF: error_code(0x0000) - not-present page\n[ 183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 PTE 0\n[ 183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI\n[ 183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G D 5.17.0-rc6-ci-drm-11296+ #1\n[ 183.638298] Hardware name: Intel Corporation CoffeeLake Client Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 05/30/2019\n[ 183.638430] RIP: 0010:memcpy_erms+0x6/0x10\n[ 183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246\n[ 183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 0000000000000ffc\n[ 183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: ffff888109c14004\n[ 183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 0000000000000000\n[ 183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 0000000000001000\n[ 183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 0000000000001000\n[ 183.645653] FS: 00007fe5ef807540(0000) GS:ffff88845b380000(0000) knlGS:0000000000000000\n[ 183.646570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 00000000003706e0\n[ 183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 183.650142] Call Trace:\n[ 183.650988] <TASK>\n[ 183.651793] vm_access+0x1f0/0x2a0 [i915]\n[ 183.652726] __access_remote_vm+0x224/0x380\n[ 183.653561] mem_rw.isra.0+0xf9/0x190\n[ 183.654402] vfs_read+0x9d/0x1b0\n[ 183.655238] ksys_read+0x63/0xe0\n[ 183.656065] do_syscall_64+0x38/0xc0\n[ 183.656882] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 183.657663] RIP: 0033:0x7fe5ef725142\n[ 183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[ 183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 00007fe5ef725142\n[ 183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 0000000000000005\n[ 183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 0000000000000046\n[ 183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 0000557055dfb1c0\n[ 183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 0000000000000000\n\nChanges since v1:\n - Updated if condition with range_overflows_t [Chris Wilson]\n\n[mauld: tidy up the commit message and add Cc: stable]\n(cherry picked from commit 661412e301e2ca86799aa4f400d1cf0bd38c57c6)"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "9f909e215fea0652023b9ed09d3d7bfe10386423",
|
|
"version_value": "89ddcc81914ab58cc203acc844f27d55ada8ec0e"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "5.8",
|
|
"status": "affected"
|
|
},
|
|
{
|
|
"version": "0",
|
|
"lessThan": "5.8",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.10.110",
|
|
"lessThanOrEqual": "5.10.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.15.33",
|
|
"lessThanOrEqual": "5.15.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.16.19",
|
|
"lessThanOrEqual": "5.16.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.17.2",
|
|
"lessThanOrEqual": "5.17.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.18",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/89ddcc81914ab58cc203acc844f27d55ada8ec0e",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/89ddcc81914ab58cc203acc844f27d55ada8ec0e"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/312d3d4f49e12f97260bcf972c848c3562126a18",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/312d3d4f49e12f97260bcf972c848c3562126a18"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/5f6e560e3e86ac053447524224e411034f41f5c7",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/5f6e560e3e86ac053447524224e411034f41f5c7"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/8f0ebea8f6e8c474264ed97d7a64c9c09ed4f5aa",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/8f0ebea8f6e8c474264ed97d7a64c9c09ed4f5aa"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-5f407fcff5a0"
|
|
}
|
|
} |