| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061808-CVE-2022-50114-6adf@gregkh> Date: Wed, 18 Jun 2025 13:02:59 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50114: net: 9p: fix refcount leak in p9_read_work() error handling From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: 9p: fix refcount leak in p9_read_work() error handling p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid temporary refcount leak. [Dominique: commit wording adjustments, p9_req_put argument fixes for rebase] The Linux kernel CVE team has assigned CVE-2022-50114 to this issue. Affected and fixed versions =========================== Issue introduced in 4.20 with commit 728356dedeff8ef999cb436c71333ef4ac51a81c and fixed in 5.15.61 with commit 8324649b0035cbb30ebc3ca901540cb392e89041 Issue introduced in 4.20 with commit 728356dedeff8ef999cb436c71333ef4ac51a81c and fixed in 5.18.18 with commit 622f2a467bdfbce73fd43ea74b5f0fd2caaa8c5d Issue introduced in 4.20 with commit 728356dedeff8ef999cb436c71333ef4ac51a81c and fixed in 5.19.2 with commit 34b9a188557c1d5a50e07cf228d054101aee0af3 Issue introduced in 4.20 with commit 728356dedeff8ef999cb436c71333ef4ac51a81c and fixed in 6.0 with commit 4ac7573e1f9333073fa8d303acc941c9b7ab7f61 Issue introduced in 4.19.57 with commit 3665a4d9dca1bd06bc34afb72e637fe01b2776ee Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50114 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/9p/trans_fd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8324649b0035cbb30ebc3ca901540cb392e89041 https://git.kernel.org/stable/c/622f2a467bdfbce73fd43ea74b5f0fd2caaa8c5d https://git.kernel.org/stable/c/34b9a188557c1d5a50e07cf228d054101aee0af3 https://git.kernel.org/stable/c/4ac7573e1f9333073fa8d303acc941c9b7ab7f61
Powered by blists - more mailing lists