| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091557-CVE-2022-50298-06f8@gregkh> Date: Mon, 15 Sep 2025 16:46:00 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50298: slimbus: qcom-ngd: cleanup in probe error path From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd: cleanup in probe error path Add proper error path in probe() to cleanup resources previously acquired/allocated to fix warnings visible during probe deferral: notifier callback qcom_slim_ngd_ssr_notify already registered WARNING: CPU: 6 PID: 70 at kernel/notifier.c:28 notifier_chain_register+0x5c/0x90 Modules linked in: CPU: 6 PID: 70 Comm: kworker/u16:1 Not tainted 6.0.0-rc3-next-20220830 #380 Call trace: notifier_chain_register+0x5c/0x90 srcu_notifier_chain_register+0x44/0x90 qcom_register_ssr_notifier+0x38/0x4c qcom_slim_ngd_ctrl_probe+0xd8/0x400 platform_probe+0x6c/0xe0 really_probe+0xbc/0x2d4 __driver_probe_device+0x78/0xe0 driver_probe_device+0x3c/0x12c __device_attach_driver+0xb8/0x120 bus_for_each_drv+0x78/0xd0 __device_attach+0xa8/0x1c0 device_initial_probe+0x18/0x24 bus_probe_device+0xa0/0xac deferred_probe_work_func+0x88/0xc0 process_one_work+0x1d4/0x320 worker_thread+0x2cc/0x44c kthread+0x110/0x114 ret_from_fork+0x10/0x20 The Linux kernel CVE team has assigned CVE-2022-50298 to this issue. Affected and fixed versions =========================== Issue introduced in 5.11 with commit e1ae85e1830e167a63f94007e50e088b86aa0a16 and fixed in 5.15.75 with commit 1d567179f27788925dc90fe5e905cdabfce7d190 Issue introduced in 5.11 with commit e1ae85e1830e167a63f94007e50e088b86aa0a16 and fixed in 5.19.17 with commit 0c76110a3129c8d56d8fb7b6270dcc0c5c2f1a41 Issue introduced in 5.11 with commit e1ae85e1830e167a63f94007e50e088b86aa0a16 and fixed in 6.0.3 with commit ef5c42e6eb29a86abbcd4b2fd427e5194e51053c Issue introduced in 5.11 with commit e1ae85e1830e167a63f94007e50e088b86aa0a16 and fixed in 6.1 with commit 16f14551d0df9e7cd283545d7d748829594d912f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50298 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/slimbus/qcom-ngd-ctrl.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1d567179f27788925dc90fe5e905cdabfce7d190 https://git.kernel.org/stable/c/0c76110a3129c8d56d8fb7b6270dcc0c5c2f1a41 https://git.kernel.org/stable/c/ef5c42e6eb29a86abbcd4b2fd427e5194e51053c https://git.kernel.org/stable/c/16f14551d0df9e7cd283545d7d748829594d912f
Powered by blists - more mailing lists