Bug 1199087 – VUL-1: CVE-2022-29968: kernel-source,kernel-source-azure,kernel-source-rt: io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private

Bug 1199087 - (CVE-2022-29968) VUL-1: CVE-2022-29968: kernel-source,kernel-source-azure,kernel-source-rt: io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private

(CVE-2022-29968)
Summary:	VUL-1: CVE-2022-29968: kernel-source,kernel-source-azure,kernel-source-rt: io...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/330430/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-29968:3.3:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-05-02 14:51 UTC by Thomas Leroy
Modified:	2022-05-04 06:55 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2022-05-02 14:51:21 UTC

rh#2080940

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in
fs/io_uring.c lacks initialization of kiocb->private.

Fixing commit:
https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d (io_uring: fix uninitialized field in rw io_kiocb)

Commit introducing the bug:
https://github.com/torvalds/linux/commit/3e08773c3841e9db7a520908cc2b136a77d275ff (block: switch polling to be bio based)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2080940
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29968
https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d

Comment 1 Thomas Leroy 2022-05-02 15:11:20 UTC

Only stable branch is affected.

Comment 2 Petr Mladek 2022-05-03 10:36:27 UTC

I guess that it will get resoved naturally by updating the stable kernel.

Jiri, please reassign this bug back to the security team when
the fix reaches stable.

Comment 3 Jiri Slaby 2022-05-04 04:57:53 UTC

Yes, queued for 5.17.6:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=queue/5.17&id=0143fc613e1075092e1a67488237398b2ed94eba

Comment 4 Jiri Slaby 2022-05-04 05:00:45 UTC

Pushed to stable, so that we have bsc# and CVE# in place.

Comment 5 Thomas Leroy 2022-05-04 06:55:05 UTC

Thanks Petr and Jiri. I guess everything done now. Closing.