| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024102154-CVE-2022-49020-2d32@gregkh> Date: Mon, 21 Oct 2024 22:06:52 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open Description =========== In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue. The Linux kernel CVE team has assigned CVE-2022-49020 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 4.9.335 with commit 0396227f4daf Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 4.14.301 with commit ded893965b89 Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 4.19.268 with commit 8b14bd0b500a Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 5.4.226 with commit 2d24d91b9f44 Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 5.10.158 with commit e01c1542379f Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 5.15.82 with commit 8782b32ef867 Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 6.0.12 with commit aa08323fe18c Issue introduced in 2.6.33 with commit 6b18662e239a and fixed in 6.1 with commit dcc14cfd7deb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49020 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/9p/trans_fd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443 https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64 https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260 https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748 https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8
Powered by blists - more mailing lists