In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - add param check for DH
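Reject requests whose source buffer is larger than the size of the key. This prevents a possible integer underflow when the source scatterlist is copied into a linear buffer: a source length greater than the key size would make the difference between the two negative. The check covers the DH path, `qat_dh_compute_value` in `drivers/crypto/qat/qat_common/qat_asym_algs.c`, the function and file named in the signatures below.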
[
{
"id": "CVE-2022-49564-0e542343",
"target": {
"file": "drivers/crypto/qat/qat_common/qat_asym_algs.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"142706907785554116101840007408156206781",
"38211714691577633403653020325429526378",
"207015825881991613455561903920138494230",
"134763806524708669490336608397911716117"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76c9216833e7c20a67c987cf89719a3f01666aaa",
"signature_type": "Line"
},
{
"id": "CVE-2022-49564-0f36b3e0",
"target": {
"file": "drivers/crypto/qat/qat_common/qat_asym_algs.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"142706907785554116101840007408156206781",
"38211714691577633403653020325429526378",
"207015825881991613455561903920138494230",
"134763806524708669490336608397911716117"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7f979ed51f96495328157df663c835b17db1e30",
"signature_type": "Line"
},
{
"id": "CVE-2022-49564-1d96d54c",
"target": {
"function": "qat_dh_compute_value",
"file": "drivers/crypto/qat/qat_common/qat_asym_algs.c"
},
"signature_version": "v1",
"digest": {
"length": 3830.0,
"function_hash": "114629049013130198806175403844954476539"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76c9216833e7c20a67c987cf89719a3f01666aaa",
"signature_type": "Function"
},
{
"id": "CVE-2022-49564-35775ca5",
"target": {
"file": "drivers/crypto/qat/qat_common/qat_asym_algs.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"142706907785554116101840007408156206781",
"38211714691577633403653020325429526378",
"207015825881991613455561903920138494230",
"134763806524708669490336608397911716117"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2acbb8771f6ac82422886e63832ee7a0f4b1635b",
"signature_type": "Line"
},
{
"id": "CVE-2022-49564-74a02a16",
"target": {
"function": "qat_dh_compute_value",
"file": "drivers/crypto/qat/qat_common/qat_asym_algs.c"
},
"signature_version": "v1",
"digest": {
"length": 3830.0,
"function_hash": "114629049013130198806175403844954476539"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7f979ed51f96495328157df663c835b17db1e30",
"signature_type": "Function"
},
{
"id": "CVE-2022-49564-f8cc7e3a",
"target": {
"function": "qat_dh_compute_value",
"file": "drivers/crypto/qat/qat_common/qat_asym_algs.c"
},
"signature_version": "v1",
"digest": {
"length": 3830.0,
"function_hash": "114629049013130198806175403844954476539"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2acbb8771f6ac82422886e63832ee7a0f4b1635b",
"signature_type": "Function"
}
]