admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-490xx/CVE-2022-49094.json
cad-safe-bot 6a206bf025 Auto-Update: 2025-03-09T03:00:19.873769+00:00
2025-03-09 03:03:50 +00:00

45 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-49094",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:46.747",
"lastModified": "2025-02-26T07:00:46.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix slab-out-of-bounds bug in decrypt_internal\n\nThe memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in\ntls_set_sw_offload(). The return value of crypto_aead_ivsize()\nfor \"ccm(aes)\" is 16. So memcpy() require 16 bytes from 12 bytes\nmemory space will trigger slab-out-of-bounds bug as following:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in decrypt_internal+0x385/0xc40 [tls]\nRead of size 16 at addr ffff888114e84e60 by task tls/10911\n\nCall Trace:\n <TASK>\n dump_stack_lvl+0x34/0x44\n print_report.cold+0x5e/0x5db\n ? decrypt_internal+0x385/0xc40 [tls]\n kasan_report+0xab/0x120\n ? decrypt_internal+0x385/0xc40 [tls]\n kasan_check_range+0xf9/0x1e0\n memcpy+0x20/0x60\n decrypt_internal+0x385/0xc40 [tls]\n ? tls_get_rec+0x2e0/0x2e0 [tls]\n ? process_rx_list+0x1a5/0x420 [tls]\n ? tls_setup_from_iter.constprop.0+0x2e0/0x2e0 [tls]\n decrypt_skb_update+0x9d/0x400 [tls]\n tls_sw_recvmsg+0x3c8/0xb50 [tls]\n\nAllocated by task 10911:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n tls_set_sw_offload+0x2eb/0xa20 [tls]\n tls_setsockopt+0x68c/0x700 [tls]\n __sys_setsockopt+0xfe/0x1b0\n\nReplace the crypto_aead_ivsize() with prot->iv_size + prot->salt_size\nwhen memcpy() iv value in TLS_1_3_VERSION scenario."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/tls: corrige el error de slab fuera de los l\u00edmites en decrypt_internal El tama\u00f1o de memoria de tls_ctx-&gt;rx.iv para AES128-CCM es 12 configurado en tls_set_sw_offload(). El valor de retorno de crypto_aead_ivsize() para \"ccm(aes)\" es 16. Por lo tanto, memcpy() requiere 16 bytes de 12 bytes de espacio de memoria y activar\u00e1 un error de losa fuera de los l\u00edmites de la siguiente manera: ========================================================================= ERROR: KASAN: losa fuera de los l\u00edmites en decrypt_internal+0x385/0xc40 [tls] Lectura de tama\u00f1o 16 en la direcci\u00f3n ffff888114e84e60 por la tarea tls/10911 Seguimiento de llamadas: dump_stack_lvl+0x34/0x44 print_report.cold+0x5e/0x5db ? decrypt_internal+0x385/0xc40 [tls] kasan_report+0xab/0x120 ? decrypt_internal+0x385/0xc40 [tls] kasan_check_range+0xf9/0x1e0 memcpy+0x20/0x60 decrypt_internal+0x385/0xc40 [tls] ? tls_get_rec+0x2e0/0x2e0 [tls] ? process_rx_list+0x1a5/0x420 [tls] ? tls_setup_from_iter.constprop.0+0x2e0/0x2e0 [tls] decrypt_skb_update+0x9d/0x400 [tls] tls_sw_recvmsg+0x3c8/0xb50 [tls] Asignado por la tarea 10911: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x81/0xa0 tls_set_sw_offload+0x2eb/0xa20 [tls] tls_setsockopt+0x68c/0x700 [tls] __sys_setsockopt+0xfe/0x1b0 Reemplace crypto_aead_ivsize() con prot-&gt;iv_size + prot-&gt;salt_size cuando el valor iv de memcpy() est\u00e9 en Escenario TLS_1_3_VERSION."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2304660ab6c425df64d95301b601424c6a50f28b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/29be1816cbab9a0dc6243120939fd10a92753756",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2b7d14c105dd8f6412eda5a91e1e6154653731e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/589154d0f18945f41d138a5b4e49e518d294474b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e2f1b033b17dedda51d465861b69e58317d6343",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9381fe8c849cfbe50245ac01fc077554f6eaa0e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink