| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022600-CVE-2022-49459-70f1@gregkh> Date: Wed, 26 Feb 2025 03:12:13 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49459: thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe Description =========== In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe platform_get_resource() may return NULL, add proper check to avoid potential NULL dereferencing. The Linux kernel CVE team has assigned CVE-2022-49459 to this issue. Affected and fixed versions =========================== Issue introduced in 5.1 with commit 250e211057c7237dc75634b1372a1a3bd58dcd96 and fixed in 5.4.198 with commit b3461ccaa5d2588568d865faee285512ad448049 Issue introduced in 5.1 with commit 250e211057c7237dc75634b1372a1a3bd58dcd96 and fixed in 5.10.121 with commit 79098339ac2065f4b4352ef5921628970b6f47e6 Issue introduced in 5.1 with commit 250e211057c7237dc75634b1372a1a3bd58dcd96 and fixed in 5.15.46 with commit ef1235c6514a58f274246cf4a2d5f4e40af539ce Issue introduced in 5.1 with commit 250e211057c7237dc75634b1372a1a3bd58dcd96 and fixed in 5.17.14 with commit ee9b6b02e8c140323ed46d6602d805ea735c7719 Issue introduced in 5.1 with commit 250e211057c7237dc75634b1372a1a3bd58dcd96 and fixed in 5.18.3 with commit 61621e042c22b47d1eadee617bdd26835294b425 Issue introduced in 5.1 with commit 250e211057c7237dc75634b1372a1a3bd58dcd96 and fixed in 5.19 with commit e20d136ec7d6f309989c447638365840d3424c8e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49459 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/thermal/broadcom/sr-thermal.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b3461ccaa5d2588568d865faee285512ad448049 https://git.kernel.org/stable/c/79098339ac2065f4b4352ef5921628970b6f47e6 https://git.kernel.org/stable/c/ef1235c6514a58f274246cf4a2d5f4e40af539ce https://git.kernel.org/stable/c/ee9b6b02e8c140323ed46d6602d805ea735c7719 https://git.kernel.org/stable/c/61621e042c22b47d1eadee617bdd26835294b425 https://git.kernel.org/stable/c/e20d136ec7d6f309989c447638365840d3424c8e
Powered by blists - more mailing lists