| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022625-CVE-2022-49681-faa1@gregkh> Date: Wed, 26 Feb 2025 03:24:04 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49681: xtensa: xtfpga: Fix refcount leak bug in setup Description =========== In the Linux kernel, the following vulnerability has been resolved: xtensa: xtfpga: Fix refcount leak bug in setup In machine_setup(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. The Linux kernel CVE team has assigned CVE-2022-49681 to this issue. Affected and fixed versions =========================== Fixed in 4.9.321 with commit b12d5c52f073a0420622aaf2f21b615cce8b36cc Fixed in 4.14.286 with commit 35d7e961be68732eb3acaeba81fb81ca16eafd05 Fixed in 4.19.250 with commit 0715d0e60052662c3f225342062f174dd721d1c7 Fixed in 5.4.202 with commit a52972ee706b438302eb0350e61f378eb191e3d1 Fixed in 5.10.127 with commit 6c0839cf1b9e1b3c88da6af76794583cbfae8da3 Fixed in 5.15.51 with commit 0162451723178602c37f0555d235dfa17e486112 Fixed in 5.18.8 with commit 9b30c5c8884eda3f541229899671cebbad15979b Fixed in 5.19 with commit 173940b3ae40114d4179c251a98ee039dc9cd5b3 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49681 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/xtensa/platforms/xtfpga/setup.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b12d5c52f073a0420622aaf2f21b615cce8b36cc https://git.kernel.org/stable/c/35d7e961be68732eb3acaeba81fb81ca16eafd05 https://git.kernel.org/stable/c/0715d0e60052662c3f225342062f174dd721d1c7 https://git.kernel.org/stable/c/a52972ee706b438302eb0350e61f378eb191e3d1 https://git.kernel.org/stable/c/6c0839cf1b9e1b3c88da6af76794583cbfae8da3 https://git.kernel.org/stable/c/0162451723178602c37f0555d235dfa17e486112 https://git.kernel.org/stable/c/9b30c5c8884eda3f541229899671cebbad15979b https://git.kernel.org/stable/c/173940b3ae40114d4179c251a98ee039dc9cd5b3
Powered by blists - more mailing lists