APPLIED: [SRU][J][PATCH 0/1] CVE-2022-49267
Stefan Bader
stefan.bader at canonical.com
Fri Jan 23 12:51:30 UTC 2026
On 14/01/2026 22:25, Alice C. Munduruca wrote:
> [ Impact ]
>
> sprintf() is vulnerable to a buffer overflow and thus should not
> be used. sysfs_emit() should be used instead in MMC.
>
> [ Fix ]
>
> jammy: Backported from upstream commit.
> focal: PR will be sent to forgejo.
>
> [ Tests ]
>
> Compile and boot tested. (+stress-ng cpu, iomix)
>
> [ Where problems could occur ]
>
> Regressions are unlikely since the only change from the original
> patch is ignoring a missing include from the parent commit, and that
> patch has been well tested upstream. If that were to occur, a
> regression would probably be limited to the MMC subsystem.
>
> Sergey Shtylyov (1):
> mmc: core: use sysfs_emit() instead of sprintf()
>
> drivers/mmc/core/bus.c | 9 +++++----
> drivers/mmc/core/bus.h | 3 ++-
> drivers/mmc/core/mmc.c | 16 ++++++++--------
> drivers/mmc/core/sd.c | 25 ++++++++++++-------------
> drivers/mmc/core/sdio.c | 5 +++--
> drivers/mmc/core/sdio_bus.c | 7 ++++---
> 6 files changed, 34 insertions(+), 31 deletions(-)
>
Applied to jammy:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 52669 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260123/740bbea9/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260123/740bbea9/attachment-0001.sig>
More information about the kernel-team
mailing list