| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024062057-CVE-2022-48722-dc20@gregkh> Date: Thu, 20 Jun 2024 13:16:02 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48722: net: ieee802154: ca8210: Stop leaking skb's Description =========== In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure. Free the skb structure upon error before returning. The Linux kernel CVE team has assigned CVE-2022-48722 to this issue. Affected and fixed versions =========================== Issue introduced in 4.12 with commit ded845a781a5 and fixed in 4.14.265 with commit a1c277b0ed2a Issue introduced in 4.12 with commit ded845a781a5 and fixed in 4.19.228 with commit d6a44feb2f28 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.4.178 with commit 6f38d3a6ec11 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.10.99 with commit 78b3f20c17cb Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.15.22 with commit 94cd597e20ed Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.16.8 with commit 21feb6df3967 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.17 with commit 621b24b09eb6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48722 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ieee802154/ca8210.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851 https://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a https://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08 https://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56 https://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a https://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc https://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e93348897e5
Powered by blists - more mailing lists