retired/CVE-2022-0854


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

Description: swiotlb information leak with DMA_FROM_DEVICE
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2058395
 https://bugzilla.suse.com/show_bug.cgi?id=1196823
Notes:
 carnil> For 5.16.y fixed as well in 5.16.15.
 carnil> The initial fix commited to mainline which landed in 5.17-rc6
 carnil> was an old version and so made necessary to followup with a
 carnil> rework commit aa6f8dcbab47 ("swiotlb: rework "fix info leak
 carnil> with DMA_FROM_DEVICE"").
 carnil> The second part of the fix was holded back for stable trees due to
 carnil> regression caused on at least some wireless drivers, cf.
 carnil> https://lore.kernel.org/stable/Yj7oXgoCdhWAwFQt@kroah.com/
 bwh> The second part (commit aa6f8dcbab47) was reverted and replaced by
 bwh> commit 901c7280ca0d "Reinstate some of "swiotlb: rework "fix info
 bwh> leak with DMA_FROM_DEVICE""" in 5.18-rc1. That was applied in 5.17.2
 bwh> but should probably be applied to other stable branches too.
Bugs:
upstream: released (5.17-rc6) [ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e], released (5.18-rc1) [901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544]
5.10-upstream-stable: released (5.10.110) [d4d975e7921079f877f828099bb8260af335508f], released (5.10.118) [f3f2247ac31cb71d1f05f56536df5946c6652f4a]
4.19-upstream-stable: released (4.19.245) [8d9ac1b6665c73f23e963775f85d99679fd8e192, 06cb238b0f7ac1669cb06390704c61794724c191]
4.9-upstream-stable: released (4.9.320) [c132f2ba716b5ee6b35f82226a6e5417d013d753, fd97de9c7b973f46a6103f4170c5efc7b8ef8797]
sid: released (5.17.3-1)
5.10-bullseye-security: released (5.10.113-1), released (5.10.120-1)
4.19-buster-security: released (4.19.249-1)
4.9-stretch-security: released (4.9.320-2)