[DATA] CVE-2022-1652

[DerDakon]

Change Type Requested Update

CVE id number CVE-2022-1652

References CVE assignment notice: https://www.openwall.com/lists/oss-security/2022/05/10/2

Additional context Author's short description

concurrency uaf between reset_interrupt and floppy_end_request

The dangerous ioctl has been made optional in https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf for 5.18

Backports:

• https://github.com/gregkh/linux/commit/d91ca05d52fabf68c0376bcfeed1a52be68a8e1b 5.17.6
• https://github.com/gregkh/linux/commit/e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3 5.15.37
• https://github.com/gregkh/linux/commit/54c028cfc49624bfc27a571b94edecc79bbaaab4 5.10.114
• https://github.com/gregkh/linux/commit/7dea5913000c6a2974a00d9af8e7ffb54e47eac1 5.4.192
• https://github.com/gregkh/linux/commit/0e535976774504af36fab1dfb54f3d4d6cc577a9 4.19.241
• https://github.com/gregkh/linux/commit/b7fa84ae1171a3c5ea5d710899080a6e63cfe084 4.14.278
• https://github.com/gregkh/linux/commit/0dd02ff72c6daf4e7800fb5dd1109fbacdde97dc 4.9.313

[DerDakon]

Fixed with 46f29bfb35d36b6de1b59a0df2b2ad853fe86208.