[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024052110-CVE-2023-52838-be44@gregkh>
Date: Tue, 21 May 2024 17:32:14 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2023-52838: fbdev: imsttfb: fix a resource leak in probe
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
fbdev: imsttfb: fix a resource leak in probe
I've re-written the error handling but the bug is that if init_imstt()
fails we need to call iounmap(par->cmap_regs).
The Linux kernel CVE team has assigned CVE-2023-52838 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.19.291 with commit 7f683f286a21 and fixed in 4.19.299 with commit 382e1931e0c9
Issue introduced in 5.4.251 with commit 815c95d82b79 and fixed in 5.4.261 with commit 6c66d737b272
Issue introduced in 5.10.188 with commit 2bf70b88cc35 and fixed in 5.10.201 with commit a4dfebec32ec
Issue introduced in 5.15.116 with commit ad3de274e065 and fixed in 5.15.139 with commit 8e4b510fe917
Issue introduced in 6.1.33 with commit c6c0a9f61958 and fixed in 6.1.63 with commit 7bc7b82fb219
Issue introduced in 6.4 with commit c75f5a550610 and fixed in 6.5.12 with commit 18d26f9baca7
Issue introduced in 6.4 with commit c75f5a550610 and fixed in 6.6.2 with commit b346a531159d
Issue introduced in 6.4 with commit c75f5a550610 and fixed in 6.7 with commit aba6ab57a910
Issue introduced in 4.14.322 with commit 64c6b84c73f5
Issue introduced in 6.3.7 with commit 4c86974fb422
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-52838
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/video/fbdev/imsttfb.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485
https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d
https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4
https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513
https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d
https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a
https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00
https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b
Powered by blists - more mailing lists