| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022633-CVE-2022-49724-124b@gregkh> Date: Wed, 26 Feb 2025 03:24:47 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49724: tty: goldfish: Fix free_irq() on remove Description =========== In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix free_irq() on remove Pass the correct dev_id to free_irq() to fix this splat when the driver is unbound: WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq Trying to free already-free IRQ 65 Call Trace: warn_slowpath_fmt free_irq goldfish_tty_remove platform_remove device_remove device_release_driver_internal device_driver_detach unbind_store drv_attr_store ... The Linux kernel CVE team has assigned CVE-2022-49724 to this issue. Affected and fixed versions =========================== Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 4.14.285 with commit c4b0b8edccb0cfb15a8cecf4161e0571d3daac64 Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 4.19.249 with commit c83a1d40dc624070a203eb383ef9fb60eb634136 Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.4.200 with commit f7183c76d500324b8b5bd0af5e663cfa57b7b836 Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.10.124 with commit 65ca4db68b6819244df9024aea4be55edf8af1ef Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.15.49 with commit fb15e79cacddfbc62264e6e807bde50ad688e988 Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.18.6 with commit a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8 Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.19 with commit 499e13aac6c762e1e828172b0f0f5275651d6512 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49724 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/tty/goldfish.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64 https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136 https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836 https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988 https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8 https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512
Powered by blists - more mailing lists