CVE-2022-49147 Information

Mar 01, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

block: Fix the maximum minor value is blk_alloc_ext_minor()

ida_alloc_range(… min max …) returns values from min to max inclusive.

So NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor().

This is an issue because in device_add_disk() this value is used in: ddev->devt = MKDEV(disk->major disk->first_minor); and NR_EXT_DEVT is ‘(1 « MINORBITS)’.

So should ‘disk->first_minor’ be NR_EXT_DEVT it would overflow.

Reference

https://git.kernel.org/stable/c/0f8cf8f5ccbad25ed6828875b222dbab29d5c272 https://git.kernel.org/stable/c/5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb https://git.kernel.org/stable/c/d1868328dec5ae2cf210111025fcbc71f78dd5ca https://git.kernel.org/stable/c/fbe2cc4525480ddd20c866bb5c0578071e01451a

Share on: