-

CVE-2022-50678

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: fix invalid address access when enabling SCAN log level

The variable i is changed when setting random MAC address and causes
invalid address access when printing the value of pi->reqs[i]->reqid.

We replace reqs index with ri to fix the issue.

[  136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000
[  136.737365] Mem abort info:
[  136.740172]   ESR = 0x96000004
[  136.743359]   Exception class = DABT (current EL), IL = 32 bits
[  136.749294]   SET = 0, FnV = 0
[  136.752481]   EA = 0, S1PTW = 0
[  136.755635] Data abort info:
[  136.758514]   ISV = 0, ISS = 0x00000004
[  136.762487]   CM = 0, WnR = 0
[  136.765522] user pgtable: 4k pages, 48-bit VAs, pgdp = 000000005c4e2577
[  136.772265] [0000000000000000] pgd=0000000000000000
[  136.777160] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[  136.782732] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) compat(O)
[  136.789788] Process wificond (pid: 3175, stack limit = 0x00000000053048fb)
[  136.796664] CPU: 3 PID: 3175 Comm: wificond Tainted: G           O      4.19.42-00001-g531a5f5 #1
[  136.805532] Hardware name: Freescale i.MX8MQ EVK (DT)
[  136.810584] pstate: 60400005 (nZCv daif +PAN -UAO)
[  136.815429] pc : brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[  136.821811] lr : brcmf_pno_config_sched_scans+0x67c/0xa80 [brcmfmac]
[  136.828162] sp : ffff00000e9a3880
[  136.831475] x29: ffff00000e9a3890 x28: ffff800020543400
[  136.836786] x27: ffff8000b1008880 x26: ffff0000012bf6a0
[  136.842098] x25: ffff80002054345c x24: ffff800088d22400
[  136.847409] x23: ffff0000012bf638 x22: ffff0000012bf6d8
[  136.852721] x21: ffff8000aced8fc0 x20: ffff8000ac164400
[  136.858032] x19: ffff00000e9a3946 x18: 0000000000000000
[  136.863343] x17: 0000000000000000 x16: 0000000000000000
[  136.868655] x15: ffff0000093f3b37 x14: 0000000000000050
[  136.873966] x13: 0000000000003135 x12: 0000000000000000
[  136.879277] x11: 0000000000000000 x10: ffff000009a61888
[  136.884589] x9 : 000000000000000f x8 : 0000000000000008
[  136.889900] x7 : 303a32303d726464 x6 : ffff00000a1f957d
[  136.895211] x5 : 0000000000000000 x4 : ffff00000e9a3942
[  136.900523] x3 : 0000000000000000 x2 : ffff0000012cead8
[  136.905834] x1 : ffff0000012bf6d8 x0 : 0000000000000000
[  136.911146] Call trace:
[  136.913623]  brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[  136.919658]  brcmf_pno_start_sched_scan+0xa4/0x118 [brcmfmac]
[  136.925430]  brcmf_cfg80211_sched_scan_start+0x80/0xe0 [brcmfmac]
[  136.931636]  nl80211_start_sched_scan+0x140/0x308 [cfg80211]
[  136.937298]  genl_rcv_msg+0x358/0x3f4
[  136.940960]  netlink_rcv_skb+0xb4/0x118
[  136.944795]  genl_rcv+0x34/0x48
[  136.947935]  netlink_unicast+0x264/0x300
[  136.951856]  netlink_sendmsg+0x2e4/0x33c
[  136.955781]  __sys_sendto+0x120/0x19c
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 7ccb0529446ae68a8581916bfc95c353306d76ba
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 1c12d47a9017a7745585b57b9b0fdc0d8c50978e
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 56a0ac48634155d2b866b99fba7e1dd8df4e2804
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 50e45034c5802cedbf5b707364ea76ace29ad984
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 75995ce1c926ee87bf93d58977c766b4e7744715
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 4d4dcfa6b4e85a878401f4fbae4cafc88cdcceb4
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 826405a911473b6ee8bd2aa891cb2f03a13efa17
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < aa666b68e73fc06d83c070d96180b9010cf5a960
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version <= 4.14.*
Version 4.14.296
Status unaffected
Version <= 4.19.*
Version 4.19.262
Status unaffected
Version <= 5.4.*
Version 5.4.220
Status unaffected
Version <= 5.10.*
Version 5.10.150
Status unaffected
Version <= 5.15.*
Version 5.15.75
Status unaffected
Version <= 5.19.*
Version 5.19.17
Status unaffected
Version <= 6.0.*
Version 6.0.3
Status unaffected
Version <= *
Version 6.1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.058
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String