SB2025022716 - Buffer overflow in Linux kernel char driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2022-49100)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the init() and fini() functions in drivers/char/virtio_console.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0f3d824bd70a1303464d5e93ee3e7afe7832fe89
• https://git.kernel.org/stable/c/3504b0a177208eda85bf472bbf7c9aa77d2b8343
• https://git.kernel.org/stable/c/3fd5dee7404ce40c79cba468bb2510115639d975
• https://git.kernel.org/stable/c/44c2d5fbe7b2bd1f8cb114d608a591a73a5d4ae6
• https://git.kernel.org/stable/c/71612aee09ecea3475f8751dc841d75a011b1fd0
• https://git.kernel.org/stable/c/7deaddb704713608e0ae559e27185581b9af71a0
• https://git.kernel.org/stable/c/93e3d88321d2274fa4e26b006e19cc10fec331c2
• https://git.kernel.org/stable/c/c69b442125bf009fce26e15aa5616caf8a3673c3
• https://git.kernel.org/stable/c/fefb8a2a941338d871e2d83fbd65fbfa068857bd
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.276
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.238
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.111
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.34
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.20
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.189