| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022621-CVE-2022-49656-830e@gregkh> Date: Wed, 26 Feb 2025 03:23:39 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49656: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus Description =========== In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. The Linux kernel CVE team has assigned CVE-2022-49656 to this issue. Affected and fixed versions =========================== Issue introduced in 4.15 with commit d850f3e5d2966e5c9eb55f66181cee960737e04c and fixed in 4.19.252 with commit 2e1bcd33478ef44e63a45457055060b5fe4118ad Issue introduced in 4.15 with commit d850f3e5d2966e5c9eb55f66181cee960737e04c and fixed in 5.4.205 with commit 3cf8ece9113242c10f83c7675ea4f4f67959ee43 Issue introduced in 4.15 with commit d850f3e5d2966e5c9eb55f66181cee960737e04c and fixed in 5.10.130 with commit 3d90607e7e6afa89768b0aaa915b58bd2b849276 Issue introduced in 4.15 with commit d850f3e5d2966e5c9eb55f66181cee960737e04c and fixed in 5.15.54 with commit 7208101ded1e9dcc52c8f0f8b16474211c871c1a Issue introduced in 4.15 with commit d850f3e5d2966e5c9eb55f66181cee960737e04c and fixed in 5.18.11 with commit c5fbf4f74c94fd60d5e9bf9f7f8268c3601562ca Issue introduced in 4.15 with commit d850f3e5d2966e5c9eb55f66181cee960737e04c and fixed in 5.19 with commit 34d2cd3fccced12b958b8848e3eff0ee4296764c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49656 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm/mach-meson/platsmp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2e1bcd33478ef44e63a45457055060b5fe4118ad https://git.kernel.org/stable/c/3cf8ece9113242c10f83c7675ea4f4f67959ee43 https://git.kernel.org/stable/c/3d90607e7e6afa89768b0aaa915b58bd2b849276 https://git.kernel.org/stable/c/7208101ded1e9dcc52c8f0f8b16474211c871c1a https://git.kernel.org/stable/c/c5fbf4f74c94fd60d5e9bf9f7f8268c3601562ca https://git.kernel.org/stable/c/34d2cd3fccced12b958b8848e3eff0ee4296764c
Powered by blists - more mailing lists