| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061823-CVE-2022-50154-0e68@gregkh> Date: Wed, 18 Jun 2025 13:03:39 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50154: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() of_get_child_by_name() returns a node pointer with refcount incremented, so we should use of_node_put() on it when we don't need it anymore. Add missing of_node_put() to avoid refcount leak. The Linux kernel CVE team has assigned CVE-2022-50154 to this issue. Affected and fixed versions =========================== Issue introduced in 5.13 with commit 814cceebba9b7d1306b8d49587ffb0e81f7b73af and fixed in 5.15.61 with commit 0675fe20da7fa69b1ba80c23470c1433a2356c03 Issue introduced in 5.13 with commit 814cceebba9b7d1306b8d49587ffb0e81f7b73af and fixed in 5.18.18 with commit 2aa166c39d5a8221e6e22ab1a583656d4c8dc7f7 Issue introduced in 5.13 with commit 814cceebba9b7d1306b8d49587ffb0e81f7b73af and fixed in 5.19.2 with commit e593e22786edd9eca058cf054d6a2e12c138da67 Issue introduced in 5.13 with commit 814cceebba9b7d1306b8d49587ffb0e81f7b73af and fixed in 6.0 with commit bf038503d5fe90189743124233fe7aeb0984e961 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50154 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/pci/controller/pcie-mediatek-gen3.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0675fe20da7fa69b1ba80c23470c1433a2356c03 https://git.kernel.org/stable/c/2aa166c39d5a8221e6e22ab1a583656d4c8dc7f7 https://git.kernel.org/stable/c/e593e22786edd9eca058cf054d6a2e12c138da67 https://git.kernel.org/stable/c/bf038503d5fe90189743124233fe7aeb0984e961
Powered by blists - more mailing lists