| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022645-CVE-2022-49370-05fc@gregkh> Date: Wed, 26 Feb 2025 03:10:44 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49370: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Description =========== In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add() If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix this issue by calling kobject_put(). The Linux kernel CVE team has assigned CVE-2022-49370 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.9.318 with commit a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725 Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.14.283 with commit ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.19.247 with commit c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.4.198 with commit a724634b2a49f6ff0177a9e19a5a92fc1545e1b7 Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.10.122 with commit 985706bd3bbeffc8737bc05965ca8d24837bc7db Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.15.47 with commit fdffa4ad8f6bf1ece877edfb807f2b2c729d8578 Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.17.15 with commit 3ba359ebe914ac3f8c6c832b28007c14c39d3766 Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.18.4 with commit ec752973aa721ee281d5441e497364637c626c7b Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.19 with commit 660ba678f9998aca6db74f2dd912fa5124f0fa31 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49370 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/firmware/dmi-sysfs.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725 https://git.kernel.org/stable/c/ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef https://git.kernel.org/stable/c/c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d https://git.kernel.org/stable/c/a724634b2a49f6ff0177a9e19a5a92fc1545e1b7 https://git.kernel.org/stable/c/985706bd3bbeffc8737bc05965ca8d24837bc7db https://git.kernel.org/stable/c/fdffa4ad8f6bf1ece877edfb807f2b2c729d8578 https://git.kernel.org/stable/c/3ba359ebe914ac3f8c6c832b28007c14c39d3766 https://git.kernel.org/stable/c/ec752973aa721ee281d5441e497364637c626c7b https://git.kernel.org/stable/c/660ba678f9998aca6db74f2dd912fa5124f0fa31
Powered by blists - more mailing lists