| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061826-CVE-2022-50162-b7b7@gregkh> Date: Wed, 18 Jun 2025 13:03:47 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50162: wifi: libertas: Fix possible refcount leak in if_usb_probe() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_get_firmware_async fails. The Linux kernel CVE team has assigned CVE-2022-50162 to this issue. Affected and fixed versions =========================== Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 4.14.291 with commit 61b2ec97487399c58ae2e34f250f4884e671799b Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 4.19.256 with commit 4c8e2f9ce1428e44cb103035eeced7aeb6b80980 Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 5.4.211 with commit 878e7f39803a9ab5bb9766956a7a04351d4bf99d Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 5.10.137 with commit 97e5d3e46a3a2100253a9717a4df98d68aeb10b8 Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 5.15.61 with commit d7365590d15bbd9008f424ef043d1778ffe29f42 Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 5.18.18 with commit 00d0c4e59c0f8ad1f86874bb64b220394e687028 Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 5.19.2 with commit 5b92f406a5199b6b01dc664b9226d824ae2835f0 Issue introduced in 3.5 with commit ce84bb69f50e6f6cfeabc9b965365290f4184417 and fixed in 6.0 with commit 6fd57e1d120bf13d4dc6c200a7cf914e6347a316 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50162 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/marvell/libertas/if_usb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/61b2ec97487399c58ae2e34f250f4884e671799b https://git.kernel.org/stable/c/4c8e2f9ce1428e44cb103035eeced7aeb6b80980 https://git.kernel.org/stable/c/878e7f39803a9ab5bb9766956a7a04351d4bf99d https://git.kernel.org/stable/c/97e5d3e46a3a2100253a9717a4df98d68aeb10b8 https://git.kernel.org/stable/c/d7365590d15bbd9008f424ef043d1778ffe29f42 https://git.kernel.org/stable/c/00d0c4e59c0f8ad1f86874bb64b220394e687028 https://git.kernel.org/stable/c/5b92f406a5199b6b01dc664b9226d824ae2835f0 https://git.kernel.org/stable/c/6fd57e1d120bf13d4dc6c200a7cf914e6347a316
Powered by blists - more mailing lists