| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022600-CVE-2022-49457-0a07@gregkh> Date: Wed, 26 Feb 2025 03:12:11 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49457: ARM: versatile: Add missing of_node_put in dcscb_init Description =========== In the Linux kernel, the following vulnerability has been resolved: ARM: versatile: Add missing of_node_put in dcscb_init The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should use of_node_put() to avoid the refcount leak. The Linux kernel CVE team has assigned CVE-2022-49457 to this issue. Affected and fixed versions =========================== Fixed in 4.9.318 with commit 2d7b23db35254b7d46e852967090c64cdccf24da Fixed in 4.14.283 with commit bbdfb7d4f036118d36415a2575efa6f5246505ae Fixed in 4.19.247 with commit a0fc05cd17617e63fc13ad0c01f3f0afd890d8ec Fixed in 5.4.198 with commit fcd1999ba97445a12cc394f5f42ffd9116bf0185 Fixed in 5.10.121 with commit d146e2a9864ade19914494de3fb520390b415d58 Fixed in 5.15.46 with commit 83c329b980bddbc8c6a3d287d91f2103a4d4a860 Fixed in 5.17.14 with commit 3c6006faed9aba5144b33176d061031a9be66954 Fixed in 5.18.3 with commit d6de7b181c29cd4578ec139aafb5eac062abbe1b Fixed in 5.19 with commit 23b44f9c649bbef10b45fa33080cd8b4166800ae Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49457 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm/mach-versatile/dcscb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2d7b23db35254b7d46e852967090c64cdccf24da https://git.kernel.org/stable/c/bbdfb7d4f036118d36415a2575efa6f5246505ae https://git.kernel.org/stable/c/a0fc05cd17617e63fc13ad0c01f3f0afd890d8ec https://git.kernel.org/stable/c/fcd1999ba97445a12cc394f5f42ffd9116bf0185 https://git.kernel.org/stable/c/d146e2a9864ade19914494de3fb520390b415d58 https://git.kernel.org/stable/c/83c329b980bddbc8c6a3d287d91f2103a4d4a860 https://git.kernel.org/stable/c/3c6006faed9aba5144b33176d061031a9be66954 https://git.kernel.org/stable/c/d6de7b181c29cd4578ec139aafb5eac062abbe1b https://git.kernel.org/stable/c/23b44f9c649bbef10b45fa33080cd8b4166800ae
Powered by blists - more mailing lists