| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050158-CVE-2022-49893-209a@gregkh> Date: Thu, 1 May 2025 16:11:23 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49893: cxl/region: Fix cxl_region leak, cleanup targets at region delete From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region leak, cleanup targets at region delete When a region is deleted any targets that have been previously assigned to that region hold references to it. Trigger those references to drop by detaching all targets at unregister_region() time. Otherwise that region object will leak as userspace has lost the ability to detach targets once region sysfs is torn down. The Linux kernel CVE team has assigned CVE-2022-49893 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit b9686e8c8e39d4072081ef078c04915ee51c8af4 and fixed in 6.0.8 with commit 45d9fb4b758b9d602ee7776eb6754b0349946aad Issue introduced in 6.0 with commit b9686e8c8e39d4072081ef078c04915ee51c8af4 and fixed in 6.1 with commit 0d9e734018d70cecf79e2e4c6082167160a0f13f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49893 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/cxl/core/region.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/45d9fb4b758b9d602ee7776eb6754b0349946aad https://git.kernel.org/stable/c/0d9e734018d70cecf79e2e4c6082167160a0f13f
Powered by blists - more mailing lists