| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050131-CVE-2022-49816-0190@gregkh> Date: Thu, 1 May 2025 16:10:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: xen/pcpu: fix possible memory leak in register_pcpu() In device_add(), dev_set_name() is called to allocate name, if it returns error, the name need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The Linux kernel CVE team has assigned CVE-2022-49816 to this issue. Affected and fixed versions =========================== Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 4.9.334 with commit ccb22c876e8e7f62377e749c971907efe65d34c2 Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 4.14.300 with commit 7ed540bcee2e24479524b9705cc7462b2652f944 Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 4.19.267 with commit 6209a85079a035b5c2279b15b197531156b549fa Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 5.4.225 with commit 0199bf0a8f74509736744c9e36f4473a5892a09d Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 5.10.156 with commit bb9924a6edd9d4a9ef83a5f337af60f8a7a68f98 Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 5.15.80 with commit c08c13cb13fa3866dd0700db3b246fcd2043ab81 Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 6.0.10 with commit e948f3c129d78537ded70bcc99c31f0b45f05dd7 Issue introduced in 3.6 with commit f65c9bb3fb725551d3e405f4d092caf24929cebe and fixed in 6.1 with commit da36a2a76b01b210ffaa55cdc2c99bc8783697c5 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49816 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/xen/pcpu.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ccb22c876e8e7f62377e749c971907efe65d34c2 https://git.kernel.org/stable/c/7ed540bcee2e24479524b9705cc7462b2652f944 https://git.kernel.org/stable/c/6209a85079a035b5c2279b15b197531156b549fa https://git.kernel.org/stable/c/0199bf0a8f74509736744c9e36f4473a5892a09d https://git.kernel.org/stable/c/bb9924a6edd9d4a9ef83a5f337af60f8a7a68f98 https://git.kernel.org/stable/c/c08c13cb13fa3866dd0700db3b246fcd2043ab81 https://git.kernel.org/stable/c/e948f3c129d78537ded70bcc99c31f0b45f05dd7 https://git.kernel.org/stable/c/da36a2a76b01b210ffaa55cdc2c99bc8783697c5
Powered by blists - more mailing lists