Message-ID: <2024052134-CVE-2021-47330-f142@gregkh>
Date: Tue, 21 May 2024 16:36:04 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2021-47330: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

In the probe function, if the final 'serial_config()' fails, 'info' is
leaking.

Add a resource handling path to free this memory.

The Linux kernel CVE team has assigned CVE-2021-47330 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.4.276 with commit b5a2799cd62e
	Fixed in 4.9.276 with commit 331f5923fce4
	Fixed in 4.14.240 with commit 34f4590f5ec9
	Fixed in 4.19.198 with commit cddee5c287e2
	Fixed in 5.4.134 with commit ee16bed95986
	Fixed in 5.10.52 with commit 7a80f71601af
	Fixed in 5.12.19 with commit c39cf4df19ac
	Fixed in 5.13.4 with commit b2ef1f5de403
	Fixed in 5.14 with commit fad92b11047a

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47330
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/tty/serial/8250/serial_cs.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c
	https://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc
	https://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584
	https://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
	https://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67
	https://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32
	https://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2
	https://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91774dab5
	https://git.kernel.org/stable/c/fad92b11047a748c996ebd6cfb164a63814eeb2e
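
The leak pattern described above, as an added userspace model that is not part of the original announcement and is not the driver's code or the upstream patch. The names 'info' and 'serial_config' follow the description; the struct layouts, the counting allocator and the probe bodies are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: bodies are constructed, not taken from serial_cs.c. */
struct serial_info { int ndev; };
struct link { struct serial_info *priv; int fail_config; };
static int live_allocs; /* allocations made through the helpers and not yet freed */

static void *counted_zalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void counted_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for the final configuration step; fails when the test asks it to. */
static int serial_config(struct link *l) { return l->fail_config ? -ENODEV : 0; }

/* Before: the last step's result is returned directly. */
static int probe_leaky(struct link *l)
{
    struct serial_info *info = counted_zalloc(sizeof(*info));
    if (!info) return -ENOMEM;
    l->priv = info;
    return serial_config(l); /* on failure nothing frees 'info' */
}

/* After: a failing last step takes a cleanup path that releases 'info'. */
static int probe_fixed(struct link *l)
{
    struct serial_info *info = counted_zalloc(sizeof(*info));
    int ret;
    if (!info) return -ENOMEM;
    l->priv = info;
    ret = serial_config(l);
    if (ret) goto free_info;
    return 0;
free_info:
    l->priv = NULL; /* do not leave a dangling pointer behind */
    counted_free(info);
    return ret;
}

/* Run n failing probes and report how many allocations are still live. */
static int leaked_after_failures(int (*probe)(struct link *), int n)
{
    live_allocs = 0;
    for (int i = 0; i < n; i++) { struct link l = { NULL, 1 }; probe(&l); }
    return live_allocs;
}

int main(void) { printf("leaky: %d live, fixed: %d live\n", leaked_after_failures(probe_leaky, 100), leaked_after_failures(probe_fixed, 100)); return 0; }
```

Each failed probe in the leaky variant strands one allocation, so a failure that can be repeated grows memory use without bound, while the fixed variant returns to zero live allocations.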
