| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052154-CVE-2021-47416-7584@gregkh> Date: Tue, 21 May 2024 17:04:33 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47416: phy: mdio: fix memory leak Description =========== In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MDIOBUS_ALLOCATED state To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED _before_ calling device_register(), because put_device() should be called even in case of device_register() failure. The Linux kernel CVE team has assigned CVE-2021-47416 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 4.4.289 with commit 25e9f88c7e3c Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 4.9.287 with commit 2250392d930b Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 4.14.251 with commit f4f502a04ee1 Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 4.19.211 with commit 2397b9e11872 Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 5.4.153 with commit 414bb4ead136 Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 5.10.73 with commit 0d2dd40a7be6 Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 5.14.12 with commit 064c2616234a Issue introduced in 2.6.28 with commit 46abc02175b3 and fixed in 5.15 with commit ca6e11c337da Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47416 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/phy/mdio_bus.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639 https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7 https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6 https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988 https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905
Powered by blists - more mailing lists