| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061821-CVE-2022-49982-cb7f@gregkh> Date: Wed, 18 Jun 2025 13:00:47 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49982: media: pvrusb2: fix memory leak in pvr_probe From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. When pvr2_hdw_create returns back to pvr2_context_create, it calls pvr2_context_destroy to destroy context, but mp->hdw is NULL, which leads to that pvr2_hdw_destroy directly returns. Fix this by adding v4l2_device_unregister to decrease the refcount of usb interface. The Linux kernel CVE team has assigned CVE-2022-49982 to this issue. Affected and fixed versions =========================== Fixed in 4.9.327 with commit 2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d Fixed in 4.14.292 with commit ba7dd8a9686a61a34b3a7b922ce721378d4740d0 Fixed in 4.19.257 with commit 491762b3250fb06a0c97b5198656ea48359eaeed Fixed in 5.4.212 with commit 466b67c0543b2ae67814d053f6e29b39be6b33bb Fixed in 5.10.141 with commit bacb37bdc2a21c8f7fdc83dcc0dea2f4ca1341fb Fixed in 5.15.65 with commit f2f6e67522916f53ad8ccd4dbe68dcf76e9776e5 Fixed in 5.19.7 with commit c02d2a91a85c4c4d05826cd1ea74a9b8d42e4280 Fixed in 6.0 with commit 945a9a8e448b65bec055d37eba58f711b39f66f0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49982 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/usb/pvrusb2/pvrusb2-hdw.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d https://git.kernel.org/stable/c/ba7dd8a9686a61a34b3a7b922ce721378d4740d0 https://git.kernel.org/stable/c/491762b3250fb06a0c97b5198656ea48359eaeed https://git.kernel.org/stable/c/466b67c0543b2ae67814d053f6e29b39be6b33bb https://git.kernel.org/stable/c/bacb37bdc2a21c8f7fdc83dcc0dea2f4ca1341fb https://git.kernel.org/stable/c/f2f6e67522916f53ad8ccd4dbe68dcf76e9776e5 https://git.kernel.org/stable/c/c02d2a91a85c4c4d05826cd1ea74a9b8d42e4280 https://git.kernel.org/stable/c/945a9a8e448b65bec055d37eba58f711b39f66f0
Powered by blists - more mailing lists