CVE-2022-49289

uaccess: fix integer overflow on access_ok()

References

Debian security tracker
cve.org

Notes

 carnil> Introduced in da551281947c ("csky: User access")
 carnil> f663b60f5215 ("microblaze: Fix uaccess_ok macro")
 carnil> 7567746e1c0d ("Hexagon: Add user access functions"). Vulnerable versions:
 carnil> 3.2-rc1.

Bugs

Status

Branch	Status
upstream	released (5.18-rc1) [222ca305c9fd39e5ed8104da25c09b2b79a516a8]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.13-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.6-upstream-stable	N/A "Fixed before branching point"
6.1-upstream-stable	N/A "Fixed before branching point"
5.10-upstream-stable	needed
sid	released (5.16.18-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	N/A "Fixed before branching point"
5.10-bullseye-security	needed