| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050121-CVE-2022-49787-7fb0@gregkh> Date: Thu, 1 May 2025 16:09:37 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49787: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There is no problem for the 'smbus_dev == NULL' branch because pci_dev_put() can also handle the NULL input parameter case. The Linux kernel CVE team has assigned CVE-2022-49787 to this issue. Affected and fixed versions =========================== Issue introduced in 4.4 with commit 659c9bc114a810b3a3c1e50585cc57f1312a6d60 and fixed in 4.14.300 with commit 7570e5b5419ffd34b6dc45a88c51e113a9a187e3 Issue introduced in 4.4 with commit 659c9bc114a810b3a3c1e50585cc57f1312a6d60 and fixed in 4.19.267 with commit 5dbd6378dbf96787d6dbcca44156c511ae085ea3 Issue introduced in 4.4 with commit 659c9bc114a810b3a3c1e50585cc57f1312a6d60 and fixed in 5.4.225 with commit 27f712cd47d65e14cd52cc32a23d42aeef583d5d Issue introduced in 4.4 with commit 659c9bc114a810b3a3c1e50585cc57f1312a6d60 and fixed in 5.10.156 with commit 4423866d31a06a810db22062ed13389416a66b22 Issue introduced in 4.4 with commit 659c9bc114a810b3a3c1e50585cc57f1312a6d60 and fixed in 5.15.80 with commit a99a547658e5d451f01ed307426286716b6f01bf Issue introduced in 4.4 with commit 659c9bc114a810b3a3c1e50585cc57f1312a6d60 and fixed in 6.0.10 with commit 35bca18092685b488003509fef7055aa2d4f2ebc Issue introduced in 4.4 with commit 659c9bc114a810b3a3c1e50585cc57f1312a6d60 and fixed in 6.1 with commit 222cfa0118aa68687ace74aab8fdf77ce8fbd7e6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49787 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mmc/host/sdhci-pci-core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7570e5b5419ffd34b6dc45a88c51e113a9a187e3 https://git.kernel.org/stable/c/5dbd6378dbf96787d6dbcca44156c511ae085ea3 https://git.kernel.org/stable/c/27f712cd47d65e14cd52cc32a23d42aeef583d5d https://git.kernel.org/stable/c/4423866d31a06a810db22062ed13389416a66b22 https://git.kernel.org/stable/c/a99a547658e5d451f01ed307426286716b6f01bf https://git.kernel.org/stable/c/35bca18092685b488003509fef7055aa2d4f2ebc https://git.kernel.org/stable/c/222cfa0118aa68687ace74aab8fdf77ce8fbd7e6
Powered by blists - more mailing lists