Message-ID: <2025050157-CVE-2022-49890-345f@gregkh>
Date: Thu,  1 May 2025 16:11:20 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-49890: capabilities: fix potential memleak on error path from vfs_getxattr_alloc()

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

capabilities: fix potential memleak on error path from vfs_getxattr_alloc()

In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to
complete the memory allocation of tmpbuf. If we have completed
the memory allocation of tmpbuf, but failed to call handler->get(...),
there will be a memleak in the logic below:

  |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)
    |           /* ^^^ alloc for tmpbuf */
    |-- value = krealloc(*xattr_value, error + 1, flags)
    |           /* ^^^ alloc memory */
    |-- error = handler->get(handler, ...)
    |           /* error! */
    |-- *xattr_value = value
    |           /* xattr_value is &tmpbuf (memory leak!) */

So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails, to fix it.

[PM: subject line and backtrace tweaks]

The Linux kernel CVE team has assigned CVE-2022-49890 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.14 with commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 and fixed in 4.14.299 with commit 6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
	Issue introduced in 4.14 with commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 and fixed in 4.19.265 with commit 90577bcc01c4188416a47269f8433f70502abe98
	Issue introduced in 4.14 with commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 and fixed in 5.4.224 with commit 0c3e6288da650d1ec911a259c77bc2d88e498603
	Issue introduced in 4.14 with commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 and fixed in 5.10.154 with commit cdf01c807e974048c43c7fd3ca574f6086a57906
	Issue introduced in 4.14 with commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 and fixed in 5.15.78 with commit 2de8eec8afb75792440b8900a01d52b8f6742fd1
	Issue introduced in 4.14 with commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 and fixed in 6.0.8 with commit 7480aeff0093d8c54377553ec6b31110bea37b4d
	Issue introduced in 4.14 with commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 and fixed in 6.1 with commit 8cf0a1bc12870d148ae830a4ba88cfdf0e879cee

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49890
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	security/commoncap.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
	https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98
	https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603
	https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906
	https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1
	https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d
	https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee
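
The error-path leak described above, reduced to a userspace C model; this is an added example, not part of the advisory and not kernel code. The names model_getxattr_alloc(), caller_before_fix(), caller_after_fix(), leaks() and the outstanding tracker are hypothetical stand-ins, and realloc()/free() stand in for krealloc()/kfree().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
static void *outstanding;   /* buffer not yet freed; non-NULL after a call = leak */
static void model_free(void *p) { if (p == outstanding) outstanding = NULL; free(p); }

/* Models the callee: *out is set even when the get step (handler->get()) fails. */
static int model_getxattr_alloc(char **out, size_t len, int get_fails)
{
    char *value = realloc(*out, len + 1);
    if (!value) return -ENOMEM;
    outstanding = *out = value;
    return get_fails ? -EIO : (int)len;  /* on error the caller still owns *out */
}

/* Caller before the fix: bails out on error without releasing tmpbuf. */
static int caller_before_fix(int get_fails)
{
    char *tmpbuf = NULL;
    int ret = model_getxattr_alloc(&tmpbuf, 16, get_fails);
    if (ret < 0)
        return ret;         /* tmpbuf leaked here */
    model_free(tmpbuf);
    return ret;
}

/* Caller after the fix: tmpbuf is released on the error path as well. */
static int caller_after_fix(int get_fails)
{
    char *tmpbuf = NULL;
    int ret = model_getxattr_alloc(&tmpbuf, 16, get_fails);
    model_free(tmpbuf);
    return ret;
}

/* Returns 1 if the caller left a buffer allocated, then reclaims it. */
static int leaks(int (*caller)(int), int get_fails)
{
    caller(get_fails);
    int leaked = outstanding != NULL;
    model_free(outstanding);
    return leaked;
}

int main(void)
{
    printf("leak before fix: %d\n", leaks(caller_before_fix, 1));
    printf("leak after fix:  %d\n", leaks(caller_after_fix, 1));
}
```

The model keeps the leaked pointer reachable through outstanding so the check can reclaim it; in the kernel the equivalent allocation has no remaining owner once the caller returns.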
