| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091506-CVE-2022-50278-fcc9@gregkh>
Date: Mon, 15 Sep 2025 16:21:20 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50278: PNP: fix name memory leak in pnp_alloc_dev()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
PNP: fix name memory leak in pnp_alloc_dev()
After commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
move dev_set_name() after pnp_add_id() to avoid memory leak.
The Linux kernel CVE team has assigned CVE-2022-50278 to this issue.
Affected and fixed versions
===========================
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 4.9.337 with commit ea77b4b761cd75e5456f677311babfa0418f289a
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 4.14.303 with commit 693a0c13c1f0c0fcaa1e38cb806cc0789bd415aa
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 4.19.270 with commit bbcf772216aa237036cc3ae3158288d0a95aaf4d
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 5.4.229 with commit 81b024df4755e6bb6993b786584eca6eabbb9791
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 5.10.163 with commit dac87e295cddc8ab316cff14ab2071b5221d84fa
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 5.15.86 with commit c12b314bb23dc0c83e03402cc84574700947e3b2
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 6.0.16 with commit 1f50c7497a5f89de0c31f2edf086af41ff834320
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 6.1.2 with commit 290dd73b943c95c006df973257076ff163adf4d0
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 6.2 with commit 110d7b0325c55ff3620073ba4201845f59e22ebf
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50278
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/pnp/core.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/ea77b4b761cd75e5456f677311babfa0418f289a
https://git.kernel.org/stable/c/693a0c13c1f0c0fcaa1e38cb806cc0789bd415aa
https://git.kernel.org/stable/c/bbcf772216aa237036cc3ae3158288d0a95aaf4d
https://git.kernel.org/stable/c/81b024df4755e6bb6993b786584eca6eabbb9791
https://git.kernel.org/stable/c/dac87e295cddc8ab316cff14ab2071b5221d84fa
https://git.kernel.org/stable/c/c12b314bb23dc0c83e03402cc84574700947e3b2
https://git.kernel.org/stable/c/1f50c7497a5f89de0c31f2edf086af41ff834320
https://git.kernel.org/stable/c/290dd73b943c95c006df973257076ff163adf4d0
https://git.kernel.org/stable/c/110d7b0325c55ff3620073ba4201845f59e22ebf
Powered by blists - more mailing lists