Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-49401

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
26/02/2025
Last modified:
22/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/page_owner: use strscpy() instead of strlcpy()<br /> <br /> current-&gt;comm[] is not a string (no guarantee for a zero byte in it).<br /> <br /> strlcpy(s1, s2, l) is calling strlen(s2), potentially<br /> causing out-of-bound access, as reported by syzbot:<br /> <br /> detected buffer overflow in __fortify_strlen<br /> ------------[ cut here ]------------<br /> kernel BUG at lib/string_helpers.c:980!<br /> invalid opcode: 0000 [#1] PREEMPT SMP KASAN<br /> CPU: 0 PID: 4087 Comm: dhcpcd-run-hooks Not tainted 5.18.0-rc3-syzkaller-01537-g20b87e7c29df #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011<br /> RIP: 0010:fortify_panic+0x18/0x1a lib/string_helpers.c:980<br /> Code: 8c e8 c5 ba e1 fa e9 23 0f bf fa e8 0b 5d 8c f8 eb db 55 48 89 fd e8 e0 49 40 f8 48 89 ee 48 c7 c7 80 f5 26 8a e8 99 09 f1 ff 0b e8 ca 49 40 f8 48 8b 54 24 18 4c 89 f1 48 c7 c7 00 00 27 8a<br /> RSP: 0018:ffffc900000074a8 EFLAGS: 00010286<br /> <br /> RAX: 000000000000002c RBX: ffff88801226b728 RCX: 0000000000000000<br /> RDX: ffff8880198e0000 RSI: ffffffff81600458 RDI: fffff52000000e87<br /> RBP: ffffffff89da2aa0 R08: 000000000000002c R09: 0000000000000000<br /> R10: ffffffff815fae2e R11: 0000000000000000 R12: ffff88801226b700<br /> R13: ffff8880198e0830 R14: 0000000000000000 R15: 0000000000000000<br /> FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007f5876ad6ff8 CR3: 000000001a48c000 CR4: 00000000003506f0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600<br /> Call Trace:<br /> <br /> __fortify_strlen include/linux/fortify-string.h:128 [inline]<br /> strlcpy include/linux/fortify-string.h:143 [inline]<br /> __set_page_owner_handle+0x2b1/0x3e0 mm/page_owner.c:171<br /> __set_page_owner+0x3e/0x50 mm/page_owner.c:190<br /> prep_new_page mm/page_alloc.c:2441 [inline]<br /> get_page_from_freelist+0xba2/0x3e00 mm/page_alloc.c:4182<br /> __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5408<br /> alloc_pages+0x1aa/0x310 mm/mempolicy.c:2272<br /> alloc_slab_page mm/slub.c:1799 [inline]<br /> allocate_slab+0x26c/0x3c0 mm/slub.c:1944<br /> new_slab mm/slub.c:2004 [inline]<br /> ___slab_alloc+0x8df/0xf20 mm/slub.c:3005<br /> __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092<br /> slab_alloc_node mm/slub.c:3183 [inline]<br /> slab_alloc mm/slub.c:3225 [inline]<br /> __kmem_cache_alloc_lru mm/slub.c:3232 [inline]<br /> kmem_cache_alloc+0x360/0x3b0 mm/slub.c:3242<br /> dst_alloc+0x146/0x1f0 net/core/dst.c:92

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.10 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): High

Base Score 3.x
7.10
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.18 (including) 5.18.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools