Bugzilla – Bug 1227932
VUL-0: CVE-2022-48787: kernel: iwlwifi: fix use-after-free
Last modified: 2024-07-18 15:41:44 UTC
Description =========== In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which then in iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However the new code I added will still erroneously access it after it was freed. Set 'failure=false' in this case to avoid the access, all data was already freed anyway. The Linux kernel CVE team has assigned CVE-2022-48787 to this issue. Affected and fixed versions =========================== Issue introduced in 4.14.263 with commit 8e10749fa1a4 and fixed in 4.14.268 with commit d3b98fe36f8a Issue introduced in 4.19.226 with commit 1d7cc54137a4 and fixed in 4.19.231 with commit 7d6475179b85 Issue introduced in 5.4.174 with commit 0446cafa843e and fixed in 5.4.181 with commit 494de920d98f Issue introduced in 5.10.94 with commit febab6b60d61 and fixed in 5.10.102 with commit 008508c16af0 Issue introduced in 5.15.17 with commit e23f075d7798 and fixed in 5.15.25 with commit ddd46059f7d9 Issue introduced in 5.16.3 with commit 6b5ad4bd0d78 and fixed in 5.16.11 with commit 9958b9cbb221 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48787 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/intel/iwlwifi/iwl-drv.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d https://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f07d0bcb https://git.kernel.org/stable/c/494de920d98f125b099f27a2d274850750aff957 https://git.kernel.org/stable/c/008508c16af0087cda0394e1ac6f0493b01b6063 https://git.kernel.org/stable/c/ddd46059f7d99119b62d44c519df7a79f2e6a515 https://git.kernel.org/stable/c/9958b9cbb22145295ee1ffaea0904c383da2c05d https://git.kernel.org/stable/c/bea2662e7818e15d7607d17d57912ac984275d94 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48787 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2022/CVE-2022-48787.mbox https://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d https://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f07d0bcb https://git.kernel.org/stable/c/494de920d98f125b099f27a2d274850750aff957 https://git.kernel.org/stable/c/008508c16af0087cda0394e1ac6f0493b01b6063 https://git.kernel.org/stable/c/ddd46059f7d99119b62d44c519df7a79f2e6a515 https://git.kernel.org/stable/c/9958b9cbb22145295ee1ffaea0904c383da2c05d https://git.kernel.org/stable/c/bea2662e7818e15d7607d17d57912ac984275d94