CVE-2022-49401

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version where the fix for the buffer overflow issue in mm/page owner.c is included.

Description A buffer overflow issue has been identified in the Linux kernel, specifically in the mm/page owner.c file. The issue arises from the use of strlcpy() instead of strscpy() when handling the current->comm[] array, which is not guaranteed to be a null-terminated string. This can potentially cause out-of-bound access, as reported by syzbot, leading to a detected buffer overflow in fortify strlen. The issue can result in a kernel BUG and an invalid opcode.

Recommendations For Linux kernel versions prior to the fixed version, consider applying the patch that replaces strlcpy() with strscpy() in mm/page owner.c to prevent the buffer overflow issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.