CVE-2022-49444

EUVD-2022-54785
In the Linux kernel, the following vulnerability has been resolved:

module: fix [e_shstrndx].sh_size=0 OOB access

It is trivial to craft a module to trigger OOB access in this line:

	if (info->secstrings[strhdr->sh_size - 1] != '\0') {

BUG: unable to handle page fault for address: ffffc90000aa0fff
PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014
RIP: 0010:load_module+0x19b/0x2391

[rebased patch onto modules-next]
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.4.110 ≤
𝑥
< 5.5
linuxlinux_kernel
5.10.26 ≤
𝑥
< 5.11
linuxlinux_kernel
5.11.3 ≤
𝑥
< 5.15.54
linuxlinux_kernel
5.16 ≤
𝑥
< 5.17.14
linuxlinux_kernel
5.18 ≤
𝑥
< 5.18.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
sid
6.12.16-1
fixed
trixie
6.12.12-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-64kb
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-default
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-default-base
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1.150400.24.78.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1.150500.6.47.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
kernel-docs
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-macros
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-obs-build
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-source
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-syms
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-zfcpdump
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.255.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
reiserfs-kmp-default
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/09cb6663618a74fe5572a4931ecbf098832e79ec
https://git.kernel.org/stable/c/391e982bfa632b8315235d8be9c0a81374c6a19c
https://git.kernel.org/stable/c/45a76414b6d8b8b39c23fea53b9d20e831ae72a0
https://git.kernel.org/stable/c/921630e2e5124a04158129a8f22f4b425e61a858