From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2019-25160: netlabel: fix out-of-bounds memory accesses
Date: Mon, 26 Feb 2024 18:20:57 +0100
Message-ID: <2024022657-CVE-2019-25160-e487@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

netlabel: fix out-of-bounds memory accesses

There are two array out-of-bounds memory accesses, one in
cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk().  Both
errors are embarrassingly simple, and the fixes are straightforward.

As a FYI for anyone backporting this patch to kernels prior to v4.8,
you'll want to apply the netlbl_bitmap_walk() patch to
cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before
Linux v4.8.

The Linux kernel CVE team has assigned CVE-2019-25160 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 3.16.66 with commit 97bc3683c249
	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 3.18.137 with commit c61d01faa555
	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.4.177 with commit dc18101f95fa
	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.9.163 with commit 1c973f9c7cc2
	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.14.106 with commit fcfe700acdc1
	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.19.28 with commit e3713abc4248
	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 4.20.15 with commit fbf9578919d6
	Issue introduced in 2.6.19 with commit 3faa8f982f95 and fixed in 5.0 with commit 5578de4834fe

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2019-25160
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	net/ipv4/cipso_ipv4.c
	net/netlabel/netlabel_kapi.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.

If however, updating to the latest release is impossible, the individual
changes to resolve this issue can be found at these commits:
	https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272
	https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950
	https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e
	https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000
	https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c
	https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb
	https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba641383f6c78
	https://git.kernel.org/stable/c/5578de4834fe0f2a34fedc7374be691443396d1f
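
A way to check a kernel release string against the "Affected and fixed
versions" list above, as an added example that is not part of the original
announcement. The function names and status strings are assumptions of this
example; the version numbers are copied from the list as published here.

```python
import platform
import re

# Values copied from the advisory's "Affected and fixed versions" list.
INTRODUCED = "2.6.19"
FIXED_STABLE = ["3.16.66", "3.18.137", "4.4.177", "4.9.163",
                "4.14.106", "4.19.28", "4.20.15"]
FIXED_MAINLINE = "5.0"


def parse(release):
    """'4.19.27-amd64' -> (4, 19, 27); a missing third field counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if m is None:
        raise ValueError("not a kernel release string: %r" % release)
    return tuple(int(part or 0) for part in m.groups())


def status(release):
    """Classify an upstream kernel release against the advisory's list."""
    v = parse(release)
    if v < parse(INTRODUCED):
        return "not affected"
    if v >= parse(FIXED_MAINLINE):
        # The list does not say which 5.0 release candidate got the fix.
        if v == parse(FIXED_MAINLINE) and "-rc" in release:
            return "unknown"
        return "fixed"
    for fixed in map(parse, FIXED_STABLE):
        if fixed[:2] == v[:2]:           # same stable branch, e.g. 4.19.y
            return "fixed" if v >= fixed else "affected"
    # Branch between 2.6.19 and 5.0 with no fixed release in the list.
    return "affected"


if __name__ == "__main__":
    # Upstream numbering only: a distribution kernel may carry the fix as a
    # backport under an older version number, so confirm with the vendor.
    running = platform.release()
    print(running, "->", status(running))
```

The list is a snapshot; the CVE record linked above is the place to look for
fixes backported after this announcement.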