CVE-2022-49147

Publication date

2025-02-26 01:55:15

Family

Linux

State

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, inclusive. So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor(). This is an issue because in device_add_disk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->first_minor); and NR_EXT_DEVT is (1 << MINORBITS). So, should disk->first_minor be NR_EXT_DEVT, it would overflow.