UBUNTU-CVE-2022-49762

Description

In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). Because the ATTR_RECORDs are next to each other, kernel can get the next ATTR_RECORD from end address of current ATTR_RECORD, through current ATTR_RECORD length field. The problem is that during iteration, when kernel calculates the end address of current ATTR_RECORD, kernel may trigger an integer overflow bug in executing `a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))`. This may wrap, leading to a forever iteration on 32bit systems. This patch solves it by adding some checks on calculating end address of current ATTR_RECORD during iteration.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.15.0-206.217 | < 5.4.0-144.161 | < 5.15.0-67.74

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  all | < 4.15.0-1151.164 | < 5.4.0-1097.105 | < 5.15.0-1031.35

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1031.35~20.04.1

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1097.105~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-6.5

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2090.96 | all | < 5.4.0-1099.107+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1151.164~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1162.177~14.04.1 | < 4.15.0-1162.177~16.04.1 | all | < 5.4.0-1104.110 | < 5.15.0-1034.41

• ubuntu•linux-azure-4.15

  < 4.15.0-1162.177

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1034.41~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1104.110~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-6.5

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2071.77 | all | < 5.4.0-1104.110+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1014.16 | < 5.4.0-1059.65 | < 5.15.0-1014.16 | all

• ubuntu•linux-fips

  all | < 4.15.0-1108.119 | < 5.4.0-1073.82

• ubuntu•linux-gcp

  < 4.15.0-1146.162~16.04.1 | all | < 5.4.0-1101.110 | < 5.15.0-1030.37

• ubuntu•linux-gcp-4.15

  < 4.15.0-1146.162

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1030.37~20.04.1

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1101.110~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-6.5

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2055.60 | all | < 5.4.0-1101.110+fips1

• ubuntu•linux-gke

  all | < 5.15.0-1028.33

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  all

• ubuntu•linux-gke-5.4

  all

Showing first 50 affected entries in server-rendered view.

References (11)

• https://ubuntu.com/security/CVE-2022-49762
• https://www.cve.org/CVERecord?id=CVE-2022-49762
• https://git.kernel.org/linus/63095f4f3af59322bea984a6ae44337439348fe0
• https://git.kernel.org/stable/c/45683723f6b53e39e8a4cec0894e61fd6ec71989
• https://git.kernel.org/stable/c/5559eb5809353a83a40a1e4e7f066431c7b83020
• https://git.kernel.org/stable/c/63095f4f3af59322bea984a6ae44337439348fe0
• https://git.kernel.org/stable/c/785b2af9654b8beac55644e36da0085c5d776361
• https://git.kernel.org/stable/c/86f36de14dce5802856bb7a5921d74439db00b64
• https://git.kernel.org/stable/c/957732a09c3828267c2819d31c425aa793dd475b
• https://git.kernel.org/stable/c/b612f924f296408d7d02fb4cd01218afd4ed7184
• https://git.kernel.org/stable/c/b63ddb3ba61e2d3539f87e095c881e552bc45dab