Message-ID: <2025061834-CVE-2022-50017-56d1@gregkh>
Date: Wed, 18 Jun 2025 13:01:22 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50017: mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start

We should call of_node_put() for the reference 'uctl_node' returned by
of_get_parent() which will increase the refcount. Otherwise, there will
be a refcount leak bug.

The Linux kernel CVE team has assigned CVE-2022-50017 to this issue.

Affected and fixed versions
===========================

Fixed in 4.9.326 with commit 9d1afa0169a84dcd5b79901d792edeb8403684ab
Fixed in 4.14.291 with commit af87a469695dc2b2419b2fdff0bf41db5265b325
Fixed in 4.19.256 with commit c06166a484eece51916dd700a870e53356b7e1bc
Fixed in 5.4.211 with commit 1b49707df679b5510ed06ace7378ddc2aec5c3fb
Fixed in 5.10.138 with commit 1e39037e44d7fa3728686af146f9285ea197097d
Fixed in 5.15.63 with commit 7822d994eb9579a1df4cdbc315db090a041e50f3
Fixed in 5.19.4 with commit a80016c40cc797c7f3e5a705b8e12ae447280335
Fixed in 6.0 with commit 7a9f743ceead60ed454c46fbc3085ee9a79cbebb

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50017
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
arch/mips/cavium-octeon/octeon-platform.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/9d1afa0169a84dcd5b79901d792edeb8403684ab
https://git.kernel.org/stable/c/af87a469695dc2b2419b2fdff0bf41db5265b325
https://git.kernel.org/stable/c/c06166a484eece51916dd700a870e53356b7e1bc
https://git.kernel.org/stable/c/1b49707df679b5510ed06ace7378ddc2aec5c3fb
https://git.kernel.org/stable/c/1e39037e44d7fa3728686af146f9285ea197097d
https://git.kernel.org/stable/c/7822d994eb9579a1df4cdbc315db090a041e50f3
https://git.kernel.org/stable/c/a80016c40cc797c7f3e5a705b8e12ae447280335
https://git.kernel.org/stable/c/7a9f743ceead60ed454c46fbc3085ee9a79cbebb
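
The refcount rule from the description (a reference returned by of_get_parent() must be released with of_node_put()), modelled in user-space C as an added example that is not part of the original announcement or the kernel source. The struct, the model_* helpers, the clocks_start_* functions and the has_refclk field (standing for a required property) are hypothetical stand-ins.

```c
#include <stdio.h>

/* Constructed model; hypothetical stand-ins for the kernel's device-node API. */
struct node { struct node *parent; int refcount; int has_refclk; };

/* Like of_get_parent(): returns the parent with its refcount raised. */
static struct node *model_get_parent(struct node *n)
{
    if (n->parent)
        n->parent->refcount++;
    return n->parent;
}

/* Like of_node_put(): drops one reference; NULL is tolerated. */
static void model_node_put(struct node *n)
{
    if (n)
        n->refcount--;
}

/* Leaky pattern: no exit path drops the parent reference. */
static int clocks_start_leaky(struct node *dev)
{
    struct node *uctl = model_get_parent(dev);
    return (uctl && uctl->has_refclk) ? 0 : -1;
}

/* Balanced pattern: one put for the one successful get, on every path. */
static int clocks_start_fixed(struct node *dev)
{
    struct node *uctl = model_get_parent(dev);
    int ret = (uctl && uctl->has_refclk) ? 0 : -1;
    model_node_put(uctl);
    return ret;
}

/* Calls fn `calls` times; returns how many parent references leaked. */
static int leaked_refs(int (*fn)(struct node *), int has_refclk, int calls)
{
    struct node parent = { NULL, 1, has_refclk }, child = { &parent, 1, 0 };
    while (calls-- > 0)
        fn(&child);
    return parent.refcount - 1;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_refs(clocks_start_leaky, 1, 3),
           leaked_refs(clocks_start_fixed, 1, 3));
}
```

In the model the leak grows by one reference per call on both the success and the error path, which is why the parent node's count never returns to its baseline.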