| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022650-CVE-2022-49399-a988@gregkh> Date: Wed, 26 Feb 2025 03:11:13 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49399: tty: goldfish: Use tty_port_destroy() to destroy port Description =========== In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), the port initialized through tty_port_init() should be destroyed in error paths.In goldfish_tty_remove(), qtty->port also should be destroyed or else might leak resources. Fix the above by calling tty_port_destroy(). The Linux kernel CVE team has assigned CVE-2022-49399 to this issue. Affected and fixed versions =========================== Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 4.14.283 with commit 241fcb79dd1df276d80b19f5f6acc9eaaaa63309 Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 4.19.247 with commit 326192b99c903a2193d820c30ed936cc2402382c Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 5.4.198 with commit 9ae3d073f7db5578ae1907544f0c15947e9678e6 Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 5.10.122 with commit ee6c33b29e624f515202a31bf6ef0437f26a1867 Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 5.15.47 with commit da64f419d7f78272bfe40dde1262602d4ff6b32c Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 5.17.15 with commit 45f6ce70abfb7ccf9d787781cbc4c03294a775a1 Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 5.18.4 with commit 4639d1b992de8f37d66f698056875c274efcd45f Issue introduced in 3.9 with commit 666b7793d4bfa9f150b5c2007ab48c755ddc53ca and fixed in 5.19 with commit 507b05063d1b7a1fcb9f7d7c47586fc4f3508f98 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49399 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/tty/goldfish.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/241fcb79dd1df276d80b19f5f6acc9eaaaa63309 https://git.kernel.org/stable/c/326192b99c903a2193d820c30ed936cc2402382c https://git.kernel.org/stable/c/9ae3d073f7db5578ae1907544f0c15947e9678e6 https://git.kernel.org/stable/c/ee6c33b29e624f515202a31bf6ef0437f26a1867 https://git.kernel.org/stable/c/da64f419d7f78272bfe40dde1262602d4ff6b32c https://git.kernel.org/stable/c/45f6ce70abfb7ccf9d787781cbc4c03294a775a1 https://git.kernel.org/stable/c/4639d1b992de8f37d66f698056875c274efcd45f https://git.kernel.org/stable/c/507b05063d1b7a1fcb9f7d7c47586fc4f3508f98
Powered by blists - more mailing lists