| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022609-CVE-2022-49508-c351@gregkh> Date: Wed, 26 Feb 2025 03:13:02 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49508: HID: elan: Fix potential double free in elan_input_configured Description =========== In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free. According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or binding fails). The Linux kernel CVE team has assigned CVE-2022-49508 to this issue. Affected and fixed versions =========================== Issue introduced in 4.17 with commit 9a6a4193d65b853020ef0e66cecdf9e64a863883 and fixed in 4.19.247 with commit c92ec22a991778a096342cf1a917ae36c5c86a90 Issue introduced in 4.17 with commit 9a6a4193d65b853020ef0e66cecdf9e64a863883 and fixed in 5.4.198 with commit f1d4f19a796551edc6679a681ea1756b8c578c08 Issue introduced in 4.17 with commit 9a6a4193d65b853020ef0e66cecdf9e64a863883 and fixed in 5.10.121 with commit 6d0726725c7c560495f5ff364862a2cefea542e3 Issue introduced in 4.17 with commit 9a6a4193d65b853020ef0e66cecdf9e64a863883 and fixed in 5.15.46 with commit 24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47 Issue introduced in 4.17 with commit 9a6a4193d65b853020ef0e66cecdf9e64a863883 and fixed in 5.17.14 with commit 5291451851feeb66fd4bf0826710f482f3b1ab38 Issue introduced in 4.17 with commit 9a6a4193d65b853020ef0e66cecdf9e64a863883 and fixed in 5.18.3 with commit 8bb1716507ebf12d50bbf181764481de3b6bc7fd Issue introduced in 4.17 with commit 9a6a4193d65b853020ef0e66cecdf9e64a863883 and fixed in 5.19 with commit 1af20714fedad238362571620be0bd690ded05b6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49508 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hid/hid-elan.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90 https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08 https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3 https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47 https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38 https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6
Powered by blists - more mailing lists