| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022658-CVE-2022-49447-4819@gregkh> Date: Wed, 26 Feb 2025 03:12:01 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49447: ARM: hisi: Add missing of_node_put after of_find_compatible_node Description =========== In the Linux kernel, the following vulnerability has been resolved: ARM: hisi: Add missing of_node_put after of_find_compatible_node of_find_compatible_node will increment the refcount of the returned device_node. Calling of_node_put() to avoid the refcount leak The Linux kernel CVE team has assigned CVE-2022-49447 to this issue. Affected and fixed versions =========================== Fixed in 4.9.318 with commit 46cb7868811d025c3d29c10d18b3422db1cf20d5 Fixed in 4.14.283 with commit f8da78b2bae1f54746647a2bb44f8bd6025c57af Fixed in 4.19.247 with commit dd4be8ecfb41a29e7c4e551b4e866157ce4a3429 Fixed in 5.4.198 with commit e109058165137ef42841abd989f080adfefa14fa Fixed in 5.10.121 with commit 21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d Fixed in 5.15.46 with commit a3265a9440030068547a20dfee646666f3ca5278 Fixed in 5.17.14 with commit cafaaae4bb9ce84a2791fa29bf6907a9466c3883 Fixed in 5.18.3 with commit 45d211668d33c49d73f5213e8c2b58468108647c Fixed in 5.19 with commit 9bc72e47d4630d58a840a66a869c56b29554cfe4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49447 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm/mach-hisi/platsmp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/46cb7868811d025c3d29c10d18b3422db1cf20d5 https://git.kernel.org/stable/c/f8da78b2bae1f54746647a2bb44f8bd6025c57af https://git.kernel.org/stable/c/dd4be8ecfb41a29e7c4e551b4e866157ce4a3429 https://git.kernel.org/stable/c/e109058165137ef42841abd989f080adfefa14fa https://git.kernel.org/stable/c/21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d https://git.kernel.org/stable/c/a3265a9440030068547a20dfee646666f3ca5278 https://git.kernel.org/stable/c/cafaaae4bb9ce84a2791fa29bf6907a9466c3883 https://git.kernel.org/stable/c/45d211668d33c49d73f5213e8c2b58468108647c https://git.kernel.org/stable/c/9bc72e47d4630d58a840a66a869c56b29554cfe4
Powered by blists - more mailing lists