| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022625-CVE-2022-49679-610d@gregkh> Date: Wed, 26 Feb 2025 03:24:02 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49679: ARM: Fix refcount leak in axxia_boot_secondary Description =========== In the Linux kernel, the following vulnerability has been resolved: ARM: Fix refcount leak in axxia_boot_secondary of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. The Linux kernel CVE team has assigned CVE-2022-49679 to this issue. Affected and fixed versions =========================== Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 4.9.321 with commit a9b76c232a1ce4cbf27862097f7eb634dcc779eb Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 4.14.286 with commit b385cb59aac8d61c29bc72ebf3d19a536914af96 Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 4.19.250 with commit 71e12e5b02674459a24f16e965255d63b31fe049 Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 5.4.202 with commit 29ca9c4efacccdc15104a8d4bf10b5183fc92840 Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 5.10.127 with commit 44a5b3a073e5aaa5720929dba95b2725eb32bb65 Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 5.15.51 with commit 4d9c60e868f7cf8e09956e7d5bb44d807d712699 Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 5.18.8 with commit 3c19fe3f04f4f4e7a2b722c2fd3c98356fc1d72b Issue introduced in 3.16 with commit 1d22924e1c4e299337e86e290c02c3e3eb43b608 and fixed in 5.19 with commit 7c7ff68daa93d8c4cdea482da4f2429c0398fcde Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49679 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm/mach-axxia/platsmp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a9b76c232a1ce4cbf27862097f7eb634dcc779eb https://git.kernel.org/stable/c/b385cb59aac8d61c29bc72ebf3d19a536914af96 https://git.kernel.org/stable/c/71e12e5b02674459a24f16e965255d63b31fe049 https://git.kernel.org/stable/c/29ca9c4efacccdc15104a8d4bf10b5183fc92840 https://git.kernel.org/stable/c/44a5b3a073e5aaa5720929dba95b2725eb32bb65 https://git.kernel.org/stable/c/4d9c60e868f7cf8e09956e7d5bb44d807d712699 https://git.kernel.org/stable/c/3c19fe3f04f4f4e7a2b722c2fd3c98356fc1d72b https://git.kernel.org/stable/c/7c7ff68daa93d8c4cdea482da4f2429c0398fcde
Powered by blists - more mailing lists