| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091857-CVE-2022-50400-d99e@gregkh> Date: Thu, 18 Sep 2025 15:58:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50400: staging: greybus: audio_helper: remove unused and wrong debugfs usage From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: staging: greybus: audio_helper: remove unused and wrong debugfs usage In the greybus audio_helper code, the debugfs file for the dapm has the potential to be removed and memory will be leaked. There is also the very real potential for this code to remove ALL debugfs entries from the system, and it seems like this is what will really happen if this code ever runs. This all is very wrong as the greybus audio driver did not create this debugfs file, the sound core did and controls the lifespan of it. So remove all of the debugfs logic from the audio_helper code as there's no way it could be correct. If this really is needed, it can come back with a fixup for the incorrect usage of the debugfs_lookup() call which is what caused this to be noticed at all. The Linux kernel CVE team has assigned CVE-2022-50400 to this issue. Affected and fixed versions =========================== Fixed in 5.10.150 with commit d0febad83e29d85bb66e4f5cac0115b022403338 Fixed in 5.15.75 with commit 4dab0d27a4211a27135a6899d6c737e6e0759a11 Fixed in 5.19.17 with commit 5699afbff1fa2972722e863906c0320d55dd4d58 Fixed in 6.0.3 with commit d835fa49d9589a780ff0d001bb7e6323238a4afb Fixed in 6.1 with commit d517cdeb904ddc0cbebcc959d43596426cac40b0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50400 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/staging/greybus/audio_helper.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d0febad83e29d85bb66e4f5cac0115b022403338 https://git.kernel.org/stable/c/4dab0d27a4211a27135a6899d6c737e6e0759a11 https://git.kernel.org/stable/c/5699afbff1fa2972722e863906c0320d55dd4d58 https://git.kernel.org/stable/c/d835fa49d9589a780ff0d001bb7e6323238a4afb https://git.kernel.org/stable/c/d517cdeb904ddc0cbebcc959d43596426cac40b0
Powered by blists - more mailing lists