| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050109-CVE-2022-49922-93fb@gregkh> Date: Thu, 1 May 2025 16:11:52 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49922: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb should be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send() will only free skb when i2c_master_send() return >=0, which means skb will memleak when i2c_master_send() failed. Free skb no matter whether i2c_master_send() succeeds. The Linux kernel CVE team has assigned CVE-2022-49922 to this issue. Affected and fixed versions =========================== Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 4.9.333 with commit dd0ee55ead91fbb16889dbe7ff0b0f7c9e4e849d Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 4.14.299 with commit 825656ae61e73ddc05f585e6258d284c87064b10 Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 4.19.265 with commit c8e7d4a1166f063703955f1b2e765a6db5bf1771 Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 5.4.224 with commit f30060efcf18883748a0541aa41acef183cd9c0e Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 5.10.154 with commit 52438e734c1566f5e2bcd9a065d2d65e306c0555 Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 5.15.78 with commit 5dfdac5e3f8db5f4445228c44f64091045644a3b Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 6.0.8 with commit 92a1df9c6da20c02cf9872f8b025a66ddb307aeb Issue introduced in 4.4 with commit b5b3e23e4cace008e1a30e8614a484d14dfd07a1 and fixed in 6.1 with commit 93d904a734a74c54d945a9884b4962977f1176cd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49922 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/nfc/nfcmrvl/i2c.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/dd0ee55ead91fbb16889dbe7ff0b0f7c9e4e849d https://git.kernel.org/stable/c/825656ae61e73ddc05f585e6258d284c87064b10 https://git.kernel.org/stable/c/c8e7d4a1166f063703955f1b2e765a6db5bf1771 https://git.kernel.org/stable/c/f30060efcf18883748a0541aa41acef183cd9c0e https://git.kernel.org/stable/c/52438e734c1566f5e2bcd9a065d2d65e306c0555 https://git.kernel.org/stable/c/5dfdac5e3f8db5f4445228c44f64091045644a3b https://git.kernel.org/stable/c/92a1df9c6da20c02cf9872f8b025a66ddb307aeb https://git.kernel.org/stable/c/93d904a734a74c54d945a9884b4962977f1176cd
Powered by blists - more mailing lists