| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024062010-CVE-2022-48768-afee@gregkh> Date: Thu, 20 Jun 2024 13:16:48 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48768: tracing/histogram: Fix a potential memory leak for kstrdup() Description =========== In the Linux kernel, the following vulnerability has been resolved: tracing/histogram: Fix a potential memory leak for kstrdup() kfree() is missing on an error path to free the memory allocated by kstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL); So it is better to free it via kfree(p). The Linux kernel CVE team has assigned CVE-2022-48768 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4.19 with commit 38b67e60b6b5 and fixed in 5.4.176 with commit 8a8878ebb596 Issue introduced in 5.6 with commit d380dcde9a07 and fixed in 5.10.96 with commit d71b06aa9950 Issue introduced in 5.6 with commit d380dcde9a07 and fixed in 5.15.19 with commit e33fa4a46ee2 Issue introduced in 5.6 with commit d380dcde9a07 and fixed in 5.16.5 with commit df86e2fe808c Issue introduced in 5.6 with commit d380dcde9a07 and fixed in 5.17 with commit e629e7b525a1 Issue introduced in 5.5.6 with commit c78a2baf5e1f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48768 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/trace/trace_events_hist.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8a8878ebb596281f50fc0b9a6e1f23f0d7f154e8 https://git.kernel.org/stable/c/d71b06aa995007eafd247626d0669b9364c42ad7 https://git.kernel.org/stable/c/e33fa4a46ee22de88a700e2e3d033da8214a5175 https://git.kernel.org/stable/c/df86e2fe808c3536a9dba353cc2bebdfea00d0cf https://git.kernel.org/stable/c/e629e7b525a179e29d53463d992bdee759c950fb
Powered by blists - more mailing lists