| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024082221-CVE-2022-48928-bd61@gregkh> Date: Thu, 22 Aug 2024 11:31:29 +0800 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48928: iio: adc: men_z188_adc: Fix a resource leak in an error handling path Description =========== In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the remove function. The Linux kernel CVE team has assigned CVE-2022-48928 to this issue. Affected and fixed versions =========================== Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 4.9.304 with commit 0f8872231364 Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 4.14.269 with commit c5723b422f56 Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 4.19.232 with commit 53d43a9c8dd2 Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 5.4.182 with commit ce1076b33e29 Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 5.10.103 with commit 1aa12ecfdcba Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 5.15.26 with commit fe7347780298 Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 5.16.12 with commit d6ed5426a7fa Issue introduced in 3.15 with commit 74aeac4da66f and fixed in 5.17 with commit e0a2e37f3038 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48928 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/iio/adc/men_z188_adc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d https://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45 https://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e https://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190 https://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5 https://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb https://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e72359638 https://git.kernel.org/stable/c/e0a2e37f303828d030a83f33ffe14b36cb88d563
Powered by blists - more mailing lists