CVE-2022-48945

23.09.2024, 10:15

In the Linux kernel, the following vulnerability has been resolved:

media: vivid: fix compose size exceed boundary

syzkaller found a bug:

 BUG: unable to handle page fault for address: ffffc9000a3b1000
 #PF: supervisor write access in kernel mode
 #PF: error_code(0x0002) - not-present page
 PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0
 Oops: 0002 [#1] PREEMPT SMP
 CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
 RIP: 0010:memcpy_erms+0x6/0x10
[...]
 Call Trace:
  <TASK>
  ? tpg_fill_plane_buffer+0x856/0x15b0
  vivid_fillbuff+0x8ac/0x1110
  vivid_thread_vid_cap_tick+0x361/0xc90
  vivid_thread_vid_cap+0x21a/0x3a0
  kthread+0x143/0x180
  ret_from_fork+0x1f/0x30
  </TASK>

This is because we forget to check boundary after adjust compose->height
int V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem
for this case.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Linux	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

noble	not-affected
jammy	Fixed 5.15.0-69.76 released
focal	Fixed 5.4.0-144.161 released
bionic	Fixed 4.15.0-208.220 released
xenial	ignored
trusty	not-affected

linux-allwinner-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws

noble	not-affected
jammy	Fixed 5.15.0-1033.37 released
focal	Fixed 5.4.0-1097.105 released
bionic	Fixed 4.15.0-1153.166 released
xenial	ignored
trusty	ignored

linux-aws-5.0

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.11

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.13

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1033.37~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.4

noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1097.105~18.04.1 released
xenial	dne
trusty	dne

linux-aws-5.8

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-fips

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	ignored
trusty	dne

linux-aws-hwe

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	Fixed 4.15.0-1153.166~16.04.1 released
trusty	dne

linux-azure

noble	not-affected
jammy	Fixed 5.15.0-1035.42 released
focal	Fixed 5.4.0-1104.110 released
bionic	ignored
xenial	Fixed 4.15.0-1162.177~16.04.1 released
trusty	Fixed 4.15.0-1162.177~14.04.1 released

linux-azure-4.15

noble	dne
jammy	dne
focal	dne
bionic	Fixed 4.15.0-1162.177 released
xenial	dne
trusty	dne

linux-azure-5.11

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.13

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1035.42~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-5.4

noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1104.110~18.04.1 released
xenial	dne
trusty	dne

linux-azure-5.8

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-edge

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-fde

noble	dne
jammy	Fixed 5.15.0-1035.42.1 released
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1035.42~20.04.1.1 released
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fips

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	ignored
trusty	dne

linux-bluefield

noble	dne
jammy	dne
focal	Fixed 5.4.0-1059.65 released
bionic	dne
xenial	dne
trusty	dne

linux-fips

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp

noble	not-affected
jammy	Fixed 5.15.0-1031.38 released
focal	Fixed 5.4.0-1101.110 released
bionic	ignored
xenial	Fixed 4.15.0-1147.163~16.04.1 released
trusty	dne

linux-gcp-4.15

noble	dne
jammy	dne
focal	dne
bionic	Fixed 4.15.0-1147.163 released
xenial	dne
trusty	dne

linux-gcp-5.11

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.13

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1031.38~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gcp-5.4

noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1101.110~18.04.1 released
xenial	dne
trusty	dne

linux-gcp-5.8

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-fips

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	ignored
trusty	dne

linux-gke

noble	not-affected
jammy	Fixed 5.15.0-1030.35 released
focal	ignored
bionic	dne
xenial	ignored
trusty	dne

linux-gke-4.15

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gke-5.15

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gke-5.4

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gkeop

noble	dne
jammy	Fixed 5.15.0-1017.22 released
focal	Fixed 5.4.0-1065.69 released
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1017.22~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.4

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-hwe

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	Fixed 4.15.0-208.219~16.04.1 released
trusty	dne

linux-hwe-5.11

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.13

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-69.76~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.4

noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-144.161~18.04.1 released
xenial	dne
trusty	dne

linux-hwe-5.8

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-edge

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-ibm

noble	not-affected
jammy	Fixed 5.15.0-1027.30 released
focal	Fixed 5.4.0-1045.50 released
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.15

noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.4

noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1045.50~18.04.1 released
xenial	dne
trusty	dne

linux-intel

noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-5.13

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-intel-iot-realtime

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg

noble	dne
jammy	Fixed 5.15.0-1027.32 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1027.32~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-iot

noble	dne
jammy	dne
focal	Fixed 5.4.0-1013.15 released
bionic	dne
xenial	dne
trusty	dne

linux-kvm

noble	dne
jammy	Fixed 5.15.0-1030.35 released
focal	Fixed 5.4.0-1087.93 released
bionic	Fixed 4.15.0-1137.142 released
xenial	ignored
trusty	dne

linux-lowlatency

noble	not-affected
jammy	Fixed 5.15.0-69.76 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-69.76~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	ignored

linux-nvidia

noble	not-affected
jammy	Fixed 5.15.0-1023.23 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.5

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-oem-5.10

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.13

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.14

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.17

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.6

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.0

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.1

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.8

noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle

noble	not-affected
jammy	Fixed 5.15.0-1032.38 released
focal	Fixed 5.4.0-1094.103 released
bionic	Fixed 4.15.0-1116.127 released
xenial	Fixed 4.15.0-1116.127~16.04.1 released
trusty	dne

linux-oracle-5.0

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.11

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.13

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1032.38~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.4

noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1094.103~18.04.1 released
xenial	dne
trusty	dne

linux-oracle-5.8

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi

noble	not-affected
jammy	Fixed 5.15.0-1026.28 released
focal	Fixed 5.4.0-1081.92 released
bionic	dne
xenial	dne
trusty	dne

linux-raspi-5.4

noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1081.92~18.04.1 released
xenial	dne
trusty	dne

linux-raspi-realtime

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi2

noble	dne
jammy	dne
focal	ignored
bionic	ignored
xenial	ignored
trusty	dne

linux-realtime

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv

noble	not-affected
jammy	ignored
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.11

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.15

noble	dne
jammy	dne
focal	Fixed 5.15.0-1030.34~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.8

noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-5.19

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.2

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.5

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-xilinx-zynqmp

noble	dne
jammy	not-affected
focal	Fixed 5.4.0-1022.26 released
bionic	dne
xenial	dne
trusty	dne

References

https://git.kernel.org/stable/c/2f558c5208b0f70c8140e08ce09fcc84da48e789

https://git.kernel.org/stable/c/54f259906039dbfe46c550011409fa16f72370f6

https://git.kernel.org/stable/c/5edc3604151919da8da0fb092b71d7dce07d848a

https://git.kernel.org/stable/c/8c0ee15d9a102c732d0745566d254040085d5663

https://git.kernel.org/stable/c/94a7ad9283464b75b12516c5512541d467cefcf8

https://git.kernel.org/stable/c/9c7fba9503b826f0c061d136f8f0c9f953ed18b9

https://git.kernel.org/stable/c/ab54081a2843aefb837812fac5488cc8f1696142

https://git.kernel.org/stable/c/ccb5392c4fea0e7d9f7ab35567e839d74cb3998b

https://git.kernel.org/stable/c/f9d19f3a044ca651b0be52a4bf951ffe74259b9f