Bug 1204901 (CVE-2022-44034) - VUL-0: CVE-2022-44034: kernel-source-azure,kernel-source,kernel-source-rt: race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device
Summary: VUL-0: CVE-2022-44034: kernel-source-azure,kernel-source,kernel-source-rt: ra...
Status: RESOLVED FIXED
Alias: CVE-2022-44034
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/346613/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-31 14:40 UTC by Thomas Leroy
Modified: 2024-05-03 09:06 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2022-10-31 14:40:27 UTC 
CVE-2022-44034

An issue was discovered in the Linux kernel through 6.0.6.
drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant
use-after-free if a physically proximate attacker removes a PCMCIA device while
calling open(), aka a race condition between scr24x_open() and scr24x_remove().

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44034
https://www.cve.org/CVERecord?id=CVE-2022-44034
http://www.cvedetails.com/cve/CVE-2022-44034/
https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/
https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/
Comment 1 Thomas Leroy 2022-10-31 14:42:35 UTC 
CONFIG_PCMCIA is only enabled on cve/linux-3.0, but this branch doesn't contain the commit introducing the scr24x_cs driver [0], so I think we're not affected.

[0] https://github.com/torvalds/linux/commit/f2ed287bcc9073d8edbf6561c389b282163edc78
Comment 2 Michal Koutný 2022-10-31 15:50:04 UTC 
Reassigning to a concrete person to ensure progress [1] (feel free to pass to next one), see also the process at [2].
 
I second this is moot for SLE kernels. May be resolved as unaffected.
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
[2] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security
Comment 3 Jiri Slaby 2022-11-01 07:54:35 UTC 
Pushed to stable and be done with it.
Comment 9 Robert Frohl 2024-05-03 09:06:48 UTC 
done, closing