| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022642-CVE-2022-49351-b85d@gregkh> Date: Wed, 26 Feb 2025 03:10:25 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49351: net: altera: Fix refcount leak in altera_tse_mdio_create Description =========== In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in altera_tse_mdio_create Every iteration of for_each_child_of_node() decrements the reference count of the previous node. When break from a for_each_child_of_node() loop, we need to explicitly call of_node_put() on the child node when not need anymore. Add missing of_node_put() to avoid refcount leak. The Linux kernel CVE team has assigned CVE-2022-49351 to this issue. Affected and fixed versions =========================== Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 4.9.318 with commit a013fa884d8738ad8455aa1a843b8c9d80c6c833 Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 4.14.283 with commit 1fd12298a0e0ca23478c715e672ee64c85670584 Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 4.19.247 with commit 5cd0e22fa11f4a21a8c09cc258f20b1474c95801 Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 5.4.198 with commit 8174acbef87b8dd8bf3731eba2a5af1ac857e239 Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 5.10.122 with commit 96bf5ed057df2d157274d4e2079002f9a9404bb8 Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 5.15.47 with commit e31d9ba169860687dba19bdc8fccbfd34077f655 Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 5.17.15 with commit 803b217f1fb49a2dbb2123acdb45111b9c48b8be Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 5.18.4 with commit 4f850fe0a32c3f1e19b76996a3b1ca32637a14de Issue introduced in 3.15 with commit bbd2190ce96d8fce031f0526c1f970b68adc9d1a and fixed in 5.19 with commit 11ec18b1d8d92b9df307d31950dcba0b3dd7283c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49351 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/altera/altera_tse_main.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a013fa884d8738ad8455aa1a843b8c9d80c6c833 https://git.kernel.org/stable/c/1fd12298a0e0ca23478c715e672ee64c85670584 https://git.kernel.org/stable/c/5cd0e22fa11f4a21a8c09cc258f20b1474c95801 https://git.kernel.org/stable/c/8174acbef87b8dd8bf3731eba2a5af1ac857e239 https://git.kernel.org/stable/c/96bf5ed057df2d157274d4e2079002f9a9404bb8 https://git.kernel.org/stable/c/e31d9ba169860687dba19bdc8fccbfd34077f655 https://git.kernel.org/stable/c/803b217f1fb49a2dbb2123acdb45111b9c48b8be https://git.kernel.org/stable/c/4f850fe0a32c3f1e19b76996a3b1ca32637a14de https://git.kernel.org/stable/c/11ec18b1d8d92b9df307d31950dcba0b3dd7283c
Powered by blists - more mailing lists