CVE-2022-49374

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49374
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49374.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49374
Related
Published
2025-02-26T07:01:14Z
Modified
2025-02-26T19:03:19.289802Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: check attribute length for bearer name

syzbot reported uninit-value:

BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]
BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725
 string_nocheck lib/vsprintf.c:644 [inline]
 string+0x4f9/0x6f0 lib/vsprintf.c:725
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283
 vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50
 _printk+0x18d/0x1cf kernel/printk/printk.c:2293
 tipc_enable_bearer net/tipc/bearer.c:371 [inline]
 __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033
 tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042
 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]

  • Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.
  • Do not use 'illegal name' in printing message.
References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.127-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}