| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022615-CVE-2022-49185-119e@gregkh> Date: Wed, 26 Feb 2025 02:56:30 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49185: pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe Description =========== In the Linux kernel, the following vulnerability has been resolved: pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. The Linux kernel CVE team has assigned CVE-2022-49185 to this issue. Affected and fixed versions =========================== Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 4.9.311 with commit 59250d547542f1c7765a78dc97ddfe5e6b0d2ab0 Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 4.14.276 with commit 0356d4b64a03d23daf99a2a29d7d7d91d6ec2ea8 Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 4.19.238 with commit 0067ba448f1c29ca06e5aee00d8506889ed1f9d0 Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 5.4.189 with commit bc1e29a35147c1ba6ea2b06a16cb0028f7c852d2 Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 5.10.110 with commit 669b05ff43bd7ed684379c6e2006a6dad5127b71 Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 5.15.33 with commit c52703355766c347f270df222a744e0c491a02f2 Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 5.16.19 with commit 9511c6018cd772668def8b034bc67269847e591a Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 5.17.2 with commit 62580a40c9bef3d8a90629c64dda381344b35ffd Issue introduced in 3.9 with commit 32e67eee670e1254ee5ab41e2f454680acb9c17c and fixed in 5.18 with commit c09ac191b1f97cfa06f394dbfd7a5db07986cefc Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49185 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/pinctrl/nomadik/pinctrl-nomadik.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/59250d547542f1c7765a78dc97ddfe5e6b0d2ab0 https://git.kernel.org/stable/c/0356d4b64a03d23daf99a2a29d7d7d91d6ec2ea8 https://git.kernel.org/stable/c/0067ba448f1c29ca06e5aee00d8506889ed1f9d0 https://git.kernel.org/stable/c/bc1e29a35147c1ba6ea2b06a16cb0028f7c852d2 https://git.kernel.org/stable/c/669b05ff43bd7ed684379c6e2006a6dad5127b71 https://git.kernel.org/stable/c/c52703355766c347f270df222a744e0c491a02f2 https://git.kernel.org/stable/c/9511c6018cd772668def8b034bc67269847e591a https://git.kernel.org/stable/c/62580a40c9bef3d8a90629c64dda381344b35ffd https://git.kernel.org/stable/c/c09ac191b1f97cfa06f394dbfd7a5db07986cefc
Powered by blists - more mailing lists