| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024071631-CVE-2022-48775-d5e9@gregkh> Date: Tue, 16 Jul 2024 13:13:29 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48775: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj Description =========== In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix memory leak by calling kobject_put(). The Linux kernel CVE team has assigned CVE-2022-48775 to this issue. Affected and fixed versions =========================== Issue introduced in 4.15 with commit c2e5df616e1a and fixed in 4.19.231 with commit 417947891bd5 Issue introduced in 4.15 with commit c2e5df616e1a and fixed in 5.4.181 with commit fe595759c2a4 Issue introduced in 4.15 with commit c2e5df616e1a and fixed in 5.10.102 with commit 91d8866ca552 Issue introduced in 4.15 with commit c2e5df616e1a and fixed in 5.15.25 with commit c377e2ba78d3 Issue introduced in 4.15 with commit c2e5df616e1a and fixed in 5.16.11 with commit 92e25b637cd4 Issue introduced in 4.15 with commit c2e5df616e1a and fixed in 5.17 with commit 8bc69f86328e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48775 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hv/vmbus_drv.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/417947891bd5ae327f15efed1a0da2b12ef24962 https://git.kernel.org/stable/c/fe595759c2a4a5bb41c438474f15947d8ae32f5c https://git.kernel.org/stable/c/91d8866ca55232d21995a3d54fac96de33c9e20c https://git.kernel.org/stable/c/c377e2ba78d3fe9a1f0b4ec424e75f81da7e81e9 https://git.kernel.org/stable/c/92e25b637cd4e010f776c86e4810300e773eac5c https://git.kernel.org/stable/c/8bc69f86328e87a0ffa79438430cc82f3aa6a194
Powered by blists - more mailing lists