| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022646-CVE-2022-49375-c238@gregkh> Date: Wed, 26 Feb 2025 03:10:49 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49375: rtc: mt6397: check return value after calling platform_get_resource() Description =========== In the Linux kernel, the following vulnerability has been resolved: rtc: mt6397: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. The Linux kernel CVE team has assigned CVE-2022-49375 to this issue. Affected and fixed versions =========================== Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 4.9.318 with commit 3867f0bbb94773d41e789257abec0d14f37da217 Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 4.14.283 with commit 79fa3f5758d8712df0678df98161f948fc4370e5 Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 4.19.247 with commit 6ecd4d5c28408df36a1a6f0b1973f633c949ac1f Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 5.4.198 with commit d77f28c1bc9d3043a52069fe42e4a26fbf961ebd Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 5.10.122 with commit 82bfea344e8f7e9a0e0b1bf9af27552baa756620 Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 5.15.47 with commit 865051de2d9eaa50630e055b73921ceaf3c4a7fc Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 5.17.15 with commit 58a729c55ce3a432eb827fdaa24c7909cd3b0a6b Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 5.18.4 with commit da38e86d6cf6dd3bc65c602d998f357145aa1a0b Issue introduced in 4.2 with commit fc2979118f3f5193475cb53d5df7bdaa7e358a42 and fixed in 5.19 with commit d3b43eb505bffb8e4cdf6800c15660c001553fe6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49375 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/rtc/rtc-mt6397.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3867f0bbb94773d41e789257abec0d14f37da217 https://git.kernel.org/stable/c/79fa3f5758d8712df0678df98161f948fc4370e5 https://git.kernel.org/stable/c/6ecd4d5c28408df36a1a6f0b1973f633c949ac1f https://git.kernel.org/stable/c/d77f28c1bc9d3043a52069fe42e4a26fbf961ebd https://git.kernel.org/stable/c/82bfea344e8f7e9a0e0b1bf9af27552baa756620 https://git.kernel.org/stable/c/865051de2d9eaa50630e055b73921ceaf3c4a7fc https://git.kernel.org/stable/c/58a729c55ce3a432eb827fdaa24c7909cd3b0a6b https://git.kernel.org/stable/c/da38e86d6cf6dd3bc65c602d998f357145aa1a0b https://git.kernel.org/stable/c/d3b43eb505bffb8e4cdf6800c15660c001553fe6
Powered by blists - more mailing lists