| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091853-CVE-2022-50392-967e@gregkh> Date: Thu, 18 Sep 2025 15:34:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50392: ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() The node returned by of_parse_phandle() with refcount incremented, of_node_put() needs be called when finish using it. So add it in the error path in mt8183_mt6358_ts3a227_max98357_dev_probe(). The Linux kernel CVE team has assigned CVE-2022-50392 to this issue. Affected and fixed versions =========================== Issue introduced in 5.2 with commit 11c0269017b212fd47c593307d2dc3eb9713b2d0 and fixed in 5.15.86 with commit 82f7c814edda353b4781f356d3ab90e943d5eac4 Issue introduced in 5.2 with commit 11c0269017b212fd47c593307d2dc3eb9713b2d0 and fixed in 6.0.16 with commit 574bd4d14a9297a1c69ad41001caf00fdd17d305 Issue introduced in 5.2 with commit 11c0269017b212fd47c593307d2dc3eb9713b2d0 and fixed in 6.1.2 with commit 156b0c19c1a44153e34cfdfa5937546a93dcb288 Issue introduced in 5.2 with commit 11c0269017b212fd47c593307d2dc3eb9713b2d0 and fixed in 6.2 with commit 38eef3be38ab895959c442702864212cc3beb96c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50392 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/soc/mediatek/mt8183/mt8183-mt6358-ts3a227-max98357.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/82f7c814edda353b4781f356d3ab90e943d5eac4 https://git.kernel.org/stable/c/574bd4d14a9297a1c69ad41001caf00fdd17d305 https://git.kernel.org/stable/c/156b0c19c1a44153e34cfdfa5937546a93dcb288 https://git.kernel.org/stable/c/38eef3be38ab895959c442702864212cc3beb96c
Powered by blists - more mailing lists