| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052110-CVE-2023-52838-be44@gregkh> Date: Tue, 21 May 2024 17:32:14 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2023-52838: fbdev: imsttfb: fix a resource leak in probe Description =========== In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs). The Linux kernel CVE team has assigned CVE-2023-52838 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19.291 with commit 7f683f286a21 and fixed in 4.19.299 with commit 382e1931e0c9 Issue introduced in 5.4.251 with commit 815c95d82b79 and fixed in 5.4.261 with commit 6c66d737b272 Issue introduced in 5.10.188 with commit 2bf70b88cc35 and fixed in 5.10.201 with commit a4dfebec32ec Issue introduced in 5.15.116 with commit ad3de274e065 and fixed in 5.15.139 with commit 8e4b510fe917 Issue introduced in 6.1.33 with commit c6c0a9f61958 and fixed in 6.1.63 with commit 7bc7b82fb219 Issue introduced in 6.4 with commit c75f5a550610 and fixed in 6.5.12 with commit 18d26f9baca7 Issue introduced in 6.4 with commit c75f5a550610 and fixed in 6.6.2 with commit b346a531159d Issue introduced in 6.4 with commit c75f5a550610 and fixed in 6.7 with commit aba6ab57a910 Issue introduced in 4.14.322 with commit 64c6b84c73f5 Issue introduced in 6.3.7 with commit 4c86974fb422 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52838 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/video/fbdev/imsttfb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485 https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4 https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513 https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00 https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b
Powered by blists - more mailing lists