| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022634-CVE-2022-49302-fd6c@gregkh> Date: Wed, 26 Feb 2025 03:09:36 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49302: USB: host: isp116x: check return value after calling platform_get_resource() Description =========== In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. The Linux kernel CVE team has assigned CVE-2022-49302 to this issue. Affected and fixed versions =========================== Fixed in 4.9.318 with commit 804de302ada3544699c5f48c5314b249af76faa3 Fixed in 4.14.283 with commit 7bffda1560a6f255fdf504e059fbbdb5d46b9e44 Fixed in 4.19.247 with commit 3825db88d8c704e7992b685618a03f82bffcf2ef Fixed in 5.4.198 with commit c91a74b1f0f2d2d7e728742ae55e3ffe9ba7853d Fixed in 5.10.122 with commit ee105039d3653444de4d3ede642383c92855dc1e Fixed in 5.15.47 with commit 3592cfd8b848bf0c4d7740d78a87a7b8f6e1fa9a Fixed in 5.17.15 with commit aca0cab0e9ed33b6371aafb519a6c38f2850ffc3 Fixed in 5.18.4 with commit 82a101f14943f479fd190b1e5b40d91c77e2ac1b Fixed in 5.19 with commit 134a3408c2d3f7e23eb0e4556e0a2d9f36c2614e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49302 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/host/isp116x-hcd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/804de302ada3544699c5f48c5314b249af76faa3 https://git.kernel.org/stable/c/7bffda1560a6f255fdf504e059fbbdb5d46b9e44 https://git.kernel.org/stable/c/3825db88d8c704e7992b685618a03f82bffcf2ef https://git.kernel.org/stable/c/c91a74b1f0f2d2d7e728742ae55e3ffe9ba7853d https://git.kernel.org/stable/c/ee105039d3653444de4d3ede642383c92855dc1e https://git.kernel.org/stable/c/3592cfd8b848bf0c4d7740d78a87a7b8f6e1fa9a https://git.kernel.org/stable/c/aca0cab0e9ed33b6371aafb519a6c38f2850ffc3 https://git.kernel.org/stable/c/82a101f14943f479fd190b1e5b40d91c77e2ac1b https://git.kernel.org/stable/c/134a3408c2d3f7e23eb0e4556e0a2d9f36c2614e
Powered by blists - more mailing lists