Bug 1199087 - (CVE-2022-29968) VUL-1: CVE-2022-29968: kernel-source,kernel-source-azure,kernel-source-rt: io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/330430/
CVSSv3.1:SUSE:CVE-2022-29968:3.3:(AV:...
Reported: 2022-05-02 14:51 UTC by Thomas Leroy
Modified: 2022-05-04 06:55 UTC
Found By: Security Response Team

Description Thomas Leroy 2022-05-02 14:51:21 UTC
rh#2080940

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in
fs/io_uring.c lacks initialization of kiocb->private.

Fixing commit:
https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d (io_uring: fix uninitialized field in rw io_kiocb)

Commit introducing the bug:
https://github.com/torvalds/linux/commit/3e08773c3841e9db7a520908cc2b136a77d275ff (block: switch polling to be bio based)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2080940
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29968
https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d
Comment 1 Thomas Leroy 2022-05-02 15:11:20 UTC
Only stable branch is affected.
Comment 2 Petr Mladek 2022-05-03 10:36:27 UTC
I guess that it will get resolved naturally by updating the stable kernel.

Jiri, please reassign this bug back to the security team when
the fix reaches stable.
Comment 4 Jiri Slaby 2022-05-04 05:00:45 UTC
Pushed to stable, so that we have bsc# and CVE# in place.
Comment 5 Thomas Leroy 2022-05-04 06:55:05 UTC
Thanks Petr and Jiri. I guess everything is done now. Closing.