Draft: CVE-2022-43750 kernel: memory corruption in usbmon driver (!2013) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Desnes Nunes requested to merge desnesn/centos-stream-9:rh2157698 into main Feb 03, 2023

BUGZILLA

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2157698

UPSTREAM STATUS

Upstream Status: Patch has been accepted on kernel/git/torvalds/linux.git

CVE

CVE: CVE-2022-43750

CONFLICTS

None

BUILD INFORMATION

Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=50474173

TESTING

Functional testing: TBD

Smoke test:

[root@intel-whitley-07 rh2157698]# modinfo usbmon
name:           usbmon
filename:       (builtin)
license:        GPL
file:           drivers/usb/mon/usbmon

[root@intel-whitley-07 rh2157698]# uname -r
5.14.0-255.rh2157698.el9.x86_64

[root@intel-whitley-07 rh2157698]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 9.1 (Plow)

[root@intel-whitley-07 rh2157698]# rpm -q --changelog kernel-5.14.0-255.rh2157698.el9.x86_64 | head -n2
* Thu Feb 02 2023 Desnes Nunes <desnesn@redhat.com> [5.14.0-255.rh2157698.el9]
- usb: mon: make mmapped memory read only (Desnes Nunes)

[root@intel-whitley-07 rh2157698]# lscpu | grep -m1 Model
Model name:                      Intel(R) Xeon(R) Platinum 8360Y CPU @ 2.40GHz

[root@intel-whitley-07 rh2157698]# dmidecode | grep -A3 '^System Information'
System Information
	Manufacturer: Intel Corporation
	Product Name: M50CYP2SB2U
	Version: ....................

DESCRIPTION

This fixes CVE-2022-43750 that causes memory corruption in the usbmon driver.

This currently happens due to the possibility of /dev/usbmon memory being mmap to user space, which will lead to a kernel crash.

Signed-off-by: Desnes Nunes desnesn@redhat.com

Draft: CVE-2022-43750 kernel: memory corruption in usbmon driver