| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024071628-CVE-2022-48860-92e9@gregkh> Date: Tue, 16 Jul 2024 14:27:45 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48860: ethernet: Fix error handling in xemaclite_of_probe Description =========== In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. As the remove function do. The Linux kernel CVE team has assigned CVE-2022-48860 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 4.9.307 with commit 669172ce9766 Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 4.14.272 with commit b7220f8e9d6c Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 4.19.235 with commit 8609e29611be Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 5.4.185 with commit 8ee065a7a9b6 Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 5.10.106 with commit 979b418b96e3 Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 5.15.29 with commit 5e7c402892e1 Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 5.16.15 with commit 1852854ee349 Issue introduced in 2.6.34 with commit 5cdaaa12866e and fixed in 5.17 with commit b19ab4b38b06 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48860 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/xilinx/xilinx_emaclite.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/669172ce976608b25a2f76f3c65d47f042d125c9 https://git.kernel.org/stable/c/b7220f8e9d6c6b9594ddfb3125dad938cd478b1f https://git.kernel.org/stable/c/8609e29611befc4bfbe7a91bb50fc65ae72ff549 https://git.kernel.org/stable/c/8ee065a7a9b6a3976c16340503677efc4d8351f6 https://git.kernel.org/stable/c/979b418b96e35f07136f77962ccfaa54cf3e30e1 https://git.kernel.org/stable/c/5e7c402892e189a7bc152b125e72261154aa585d https://git.kernel.org/stable/c/1852854ee349881efb78ccdbbb237838975902e4 https://git.kernel.org/stable/c/b19ab4b38b06aae12442b2de95ccf58b5dc53584
Powered by blists - more mailing lists