lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024022824-CVE-2021-46985-4dad@gregkh>
Date: Wed, 28 Feb 2024 09:14:35 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: gregkh@...nel.org
Subject: CVE-2021-46985: ACPI: scan: Fix a memory leak in an error handling path

From: gregkh@...nel.org

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ACPI: scan: Fix a memory leak in an error handling path

If 'acpi_device_set_name()' fails, we must free
'acpi_device_bus_id->bus_id' or there is a (potential) memory leak.

The Linux kernel CVE team has assigned CVE-2021-46985 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.9.264 with commit e5cdbe419004 and fixed in 4.9.269 with commit 6901a4f795e0
	Issue introduced in 4.14.228 with commit 717d9d88fbd9 and fixed in 4.14.233 with commit 5ab9857dde7c
	Issue introduced in 4.19.184 with commit 7385e438e1f3 and fixed in 4.19.191 with commit 69cc821e89ce
	Issue introduced in 5.4.109 with commit bc0b1a2036dd and fixed in 5.4.120 with commit dafd4c0b5e83
	Issue introduced in 5.10.27 with commit 4a5891992c68 and fixed in 5.10.38 with commit e2381174daea
	Issue introduced in 5.11.11 with commit 321dbe6c0b55 and fixed in 5.11.22 with commit c5c8f6ffc942
	Issue introduced in 5.12 with commit eb50aaf960e3 and fixed in 5.12.5 with commit a7e17a8d421a
	Issue introduced in 5.12 with commit eb50aaf960e3 and fixed in 5.13 with commit 0c8bd174f0fc

Please see https://www.kernel.org or a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-46985
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/acpi/scan.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/6901a4f795e0e8d65ae779cb37fc22e0bf294712
	https://git.kernel.org/stable/c/5ab9857dde7c3ea3faef6b128d718cf8ba98721b
	https://git.kernel.org/stable/c/69cc821e89ce572884548ac54c4f80eec7a837a5
	https://git.kernel.org/stable/c/dafd4c0b5e835db020cff11c74b4af9493a58e72
	https://git.kernel.org/stable/c/e2381174daeae0ca35eddffef02dcc8de8c1ef8a
	https://git.kernel.org/stable/c/c5c8f6ffc942cf42f990f22e35bcf4cbe9d8c2fb
	https://git.kernel.org/stable/c/a7e17a8d421ae23c920240625b4413c7b94d94a4
	https://git.kernel.org/stable/c/0c8bd174f0fc131bc9dfab35cd8784f59045da87

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ