From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2022-48636: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Description =========== In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer with lcu->lock held. The Linux kernel CVE team has assigned CVE-2022-48636 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 4.9.330 with commit d86b4267834e Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 4.14.295 with commit 49f401a98b31 Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 4.19.260 with commit aaba5ff27420 Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 5.4.215 with commit 2e473351400e Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 5.10.146 with commit f5fcc9d6d71d Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 5.15.71 with commit d3a67c21b18f Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 5.19.12 with commit 650a2e79d176 Issue introduced in 2.6.25 with commit 8e09f21574ea and fixed in 6.0 with commit db7ba07108a4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48636 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/s390/block/dasd_alias.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70 https://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4 https://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1 https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1 https://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b https://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6 https://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac https://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d