| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022619-CVE-2022-49210-6839@gregkh>
Date: Wed, 26 Feb 2025 02:56:55 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49210: MIPS: pgalloc: fix memory leak caused by pgd_free()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
MIPS: pgalloc: fix memory leak caused by pgd_free()
pgd page is freed by generic implementation pgd_free() since commit
f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"),
however, there are scenarios that the system uses more than one page as
the pgd table, in such cases the generic implementation pgd_free() won't
be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and
MIPS_VA_BITS_48 is not enabled in a 64bit system, the macro "PGD_ORDER"
will be set as "1", which will cause allocating two pages as the pgd
table. Well, at the same time, the generic implementation pgd_free()
just free one pgd page, which will result in the memory leak.
The memory leak can be easily detected by executing shell command:
"while true; do ls > /dev/null; grep MemFree /proc/meminfo; done"
The Linux kernel CVE team has assigned CVE-2022-49210 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.9 with commit f9cb654cb550b7b87e8608b14fc3eca432429ffe and fixed in 5.10.110 with commit fa3d44424579972cc7c4fac3d9cf227798ebdfa0
Issue introduced in 5.9 with commit f9cb654cb550b7b87e8608b14fc3eca432429ffe and fixed in 5.15.33 with commit d29cda15cab086d82d692de016f7249545d4b6b4
Issue introduced in 5.9 with commit f9cb654cb550b7b87e8608b14fc3eca432429ffe and fixed in 5.16.19 with commit 5a8501d34b261906e4c76ec9da679f2cb4d309ed
Issue introduced in 5.9 with commit f9cb654cb550b7b87e8608b14fc3eca432429ffe and fixed in 5.17.2 with commit 1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1
Issue introduced in 5.9 with commit f9cb654cb550b7b87e8608b14fc3eca432429ffe and fixed in 5.18 with commit 2bc5bab9a763d520937e4f3fe8df51c6a1eceb97
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49210
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
arch/mips/include/asm/pgalloc.h
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/fa3d44424579972cc7c4fac3d9cf227798ebdfa0
https://git.kernel.org/stable/c/d29cda15cab086d82d692de016f7249545d4b6b4
https://git.kernel.org/stable/c/5a8501d34b261906e4c76ec9da679f2cb4d309ed
https://git.kernel.org/stable/c/1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1
https://git.kernel.org/stable/c/2bc5bab9a763d520937e4f3fe8df51c6a1eceb97
Powered by blists - more mailing lists