CVE-2022-49260

In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/sec - fix the aead software fallback for engine

Due to the subreq pointer misuse the private context memory. The aead
soft crypto occasionally casues the OS panic as setting the 64K page.
Here is fix it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
VendorProductVersion
linuxlinux_kernel
5.14 ≤
𝑥
< 5.15.33
linuxlinux_kernel
5.16 ≤
𝑥
< 5.16.19
linuxlinux_kernel
5.17 ≤
𝑥
< 5.17.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/0a2a464f863187f97e96ebc6384c052cafd4a54c
https://git.kernel.org/stable/c/40dba7c26e897c637e91312b35f664f1d4d0073c
https://git.kernel.org/stable/c/5c1149e2abe0b7489300736b8277b45b113de67f
https://git.kernel.org/stable/c/ef7b10f3cac7810ddcfd976304fd125aca33d144