| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022631-CVE-2022-49713-8ddc@gregkh> Date: Wed, 26 Feb 2025 03:24:36 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49713: usb: dwc2: Fix memory leak in dwc2_hcd_init Description =========== In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we should call usb_put_hcd to free it when platform_get_resource() fails to prevent memory leak. goto error2 label instead error1 to fix this. The Linux kernel CVE team has assigned CVE-2022-49713 to this issue. Affected and fixed versions =========================== Issue introduced in 4.14.250 with commit 4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b and fixed in 4.14.285 with commit 981ee40649e5fd9550f82db1fbb3bfab037da346 Issue introduced in 4.19.210 with commit a7182993dd8e09f96839ddc3ac54f9b37370d282 and fixed in 4.19.249 with commit 84e6d0af87e27bbc0db94f2e7323b34abe17b6e5 Issue introduced in 5.4.152 with commit 8b9c1c33e51d0959f2aec573dfbac0ffd3f5c0b7 and fixed in 5.4.200 with commit 6506aff2dc2f7059aa3d45ee2e8639b25e87090f Issue introduced in 5.10.72 with commit 2754fa3b73df7d0ae042f3ed6cfd9df9042f6262 and fixed in 5.10.124 with commit a44a8a762f7fe9ad3c065813d058e835a6180cb2 Issue introduced in 5.15 with commit 856e6e8e0f9300befa87dde09edb578555c99a82 and fixed in 5.15.49 with commit 701d8ec01e0f229d4db6f43d3d64ee479120cbeb Issue introduced in 5.15 with commit 856e6e8e0f9300befa87dde09edb578555c99a82 and fixed in 5.18.6 with commit 52bfcedbfd5bf962dbdcb6e761f4d0dd3ba26dfd Issue introduced in 5.15 with commit 856e6e8e0f9300befa87dde09edb578555c99a82 and fixed in 5.19 with commit 3755278f078460b021cd0384562977bf2039a57a Issue introduced in 5.14.11 with commit 337f00a0bc62d7cb7d10ec0b872c79009a1641df Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49713 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/dwc2/hcd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/981ee40649e5fd9550f82db1fbb3bfab037da346 https://git.kernel.org/stable/c/84e6d0af87e27bbc0db94f2e7323b34abe17b6e5 https://git.kernel.org/stable/c/6506aff2dc2f7059aa3d45ee2e8639b25e87090f https://git.kernel.org/stable/c/a44a8a762f7fe9ad3c065813d058e835a6180cb2 https://git.kernel.org/stable/c/701d8ec01e0f229d4db6f43d3d64ee479120cbeb https://git.kernel.org/stable/c/52bfcedbfd5bf962dbdcb6e761f4d0dd3ba26dfd https://git.kernel.org/stable/c/3755278f078460b021cd0384562977bf2039a57a
Powered by blists - more mailing lists