CVE-2022-50299

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> md: Replace snprintf with scnprintf<br /> <br /> Current code produces a warning as shown below when total characters<br /> in the constituent block device names plus the slashes exceeds 200.<br /> snprintf() returns the number of characters generated from the given<br /> input, which could cause the expression “200 – len” to wrap around<br /> to a large positive number. Fix this by using scnprintf() instead,<br /> which returns the actual number of characters written into the buffer.<br /> <br /> [ 1513.267938] ------------[ cut here ]------------<br /> [ 1513.267943] WARNING: CPU: 15 PID: 37247 at /lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510<br /> [ 1513.267944] Modules linked in: <br /> [ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu<br /> [ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022<br /> [ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510<br /> <br /> [ 1513.267982] Call Trace:<br /> [ 1513.267986] snprintf+0x45/0x70<br /> [ 1513.267990] ? disk_name+0x71/0xa0<br /> [ 1513.267993] dump_zones+0x114/0x240 [raid0]<br /> [ 1513.267996] ? _cond_resched+0x19/0x40<br /> [ 1513.267998] raid0_run+0x19e/0x270 [raid0]<br /> [ 1513.268000] md_run+0x5e0/0xc50<br /> [ 1513.268003] ? security_capable+0x3f/0x60<br /> [ 1513.268005] do_md_run+0x19/0x110<br /> [ 1513.268006] md_ioctl+0x195e/0x1f90<br /> [ 1513.268007] blkdev_ioctl+0x91f/0x9f0<br /> [ 1513.268010] block_ioctl+0x3d/0x50<br /> [ 1513.268012] do_vfs_ioctl+0xa9/0x640<br /> [ 1513.268014] ? __fput+0x162/0x260<br /> [ 1513.268016] ksys_ioctl+0x75/0x80<br /> [ 1513.268017] __x64_sys_ioctl+0x1a/0x20<br /> [ 1513.268019] do_syscall_64+0x5e/0x200<br /> [ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9