| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100120-CVE-2022-50462-a935@gregkh>
Date: Wed, 1 Oct 2025 13:45:32 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50462: MIPS: vpe-mt: fix possible memory leak while module exiting
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
MIPS: vpe-mt: fix possible memory leak while module exiting
Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
it need be freed when module exiting, call put_device() to give up
reference, so that it can be freed in kobject_cleanup() when the
refcount hit to 0. The vpe_device is static, so remove kfree() from
vpe_device_release().
The Linux kernel CVE team has assigned CVE-2022-50462 to this issue.
Affected and fixed versions
===========================
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 4.9.337 with commit 170e9913c2ed5cfc37c0adf0fdbd368d2d8d8168
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 4.14.303 with commit 9d180e0bb21c57bd6cca2adeb672d3b522e910b5
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 4.19.270 with commit 851ae5640875f06494e40002cd503b11a634c6fb
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 5.4.229 with commit b3325a443525e3b89151879b834519b21c5e3011
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 5.10.163 with commit 48d42f4464d713fbdd79f334fdcd6e5be534cc67
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 5.15.86 with commit e820a8192ff68570100347855b567512aec43819
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 6.0.16 with commit b191dde84e40624d5577f64db0ec922c5c0ec57c
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 6.1.2 with commit ab3d47c1fd0202821abd473ca87580faafd47847
Issue introduced in 2.6.30 with commit 1fa5ae857bb14f6046205171d98506d8112dd74e and fixed in 6.2 with commit 5822e8cc84ee37338ab0bdc3124f6eec04dc232d
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50462
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
arch/mips/kernel/vpe-mt.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/170e9913c2ed5cfc37c0adf0fdbd368d2d8d8168
https://git.kernel.org/stable/c/9d180e0bb21c57bd6cca2adeb672d3b522e910b5
https://git.kernel.org/stable/c/851ae5640875f06494e40002cd503b11a634c6fb
https://git.kernel.org/stable/c/b3325a443525e3b89151879b834519b21c5e3011
https://git.kernel.org/stable/c/48d42f4464d713fbdd79f334fdcd6e5be534cc67
https://git.kernel.org/stable/c/e820a8192ff68570100347855b567512aec43819
https://git.kernel.org/stable/c/b191dde84e40624d5577f64db0ec922c5c0ec57c
https://git.kernel.org/stable/c/ab3d47c1fd0202821abd473ca87580faafd47847
https://git.kernel.org/stable/c/5822e8cc84ee37338ab0bdc3124f6eec04dc232d
Powered by blists - more mailing lists