| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022616-CVE-2022-49191-ed02@gregkh> Date: Wed, 26 Feb 2025 02:56:36 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49191: mxser: fix xmit_buf leak in activate when LSR == 0xff Description =========== In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff When LSR is 0xff in ->activate() (rather unlike), we return an error. Provided ->shutdown() is not called when ->activate() fails, nothing actually frees the buffer in this case. Fix this by properly freeing the buffer in a designated label. We jump there also from the "!info->type" if now too. The Linux kernel CVE team has assigned CVE-2022-49191 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.9.311 with commit 376922045009f8ea2d20a8fa3475e95b47c41690 Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.14.276 with commit 125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.19.238 with commit 685b6d16bf89595310b5d61394c9b97cc9505c7c Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.4.189 with commit 996291d06851a26678a0fab488b6e1f0677c0576 Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.10.110 with commit 2cd05c38a27bee7fb42aa4d43174d68ac55dac0f Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.15.33 with commit b125b08dbee3611f03f53b71471813ed4ccafcdd Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.16.19 with commit 6c9041b2f90c0eace73106f22350e1d2c98f5edc Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.17.2 with commit 6dffc2035fbaada60ca8db59e0962e34f760370a Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.18 with commit cd3a4907ee334b40d7aa880c7ab310b154fd5cd4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49191 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/tty/mxser.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/376922045009f8ea2d20a8fa3475e95b47c41690 https://git.kernel.org/stable/c/125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d https://git.kernel.org/stable/c/685b6d16bf89595310b5d61394c9b97cc9505c7c https://git.kernel.org/stable/c/996291d06851a26678a0fab488b6e1f0677c0576 https://git.kernel.org/stable/c/2cd05c38a27bee7fb42aa4d43174d68ac55dac0f https://git.kernel.org/stable/c/b125b08dbee3611f03f53b71471813ed4ccafcdd https://git.kernel.org/stable/c/6c9041b2f90c0eace73106f22350e1d2c98f5edc https://git.kernel.org/stable/c/6dffc2035fbaada60ca8db59e0962e34f760370a https://git.kernel.org/stable/c/cd3a4907ee334b40d7aa880c7ab310b154fd5cd4
Powered by blists - more mailing lists