| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100116-CVE-2022-50449-214c@gregkh> Date: Wed, 1 Oct 2025 13:45:19 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50449: clk: samsung: Fix memory leak in _samsung_clk_register_pll() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix memory leak in _samsung_clk_register_pll() If clk_register() fails, @pll->rate_table may have allocated memory by kmemdup(), so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it. The Linux kernel CVE team has assigned CVE-2022-50449 to this issue. Affected and fixed versions =========================== Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 4.14.303 with commit 7b738276a596fa101d320591e9fa84ea0fc3f713 Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 4.19.270 with commit 2e8dc0626fe86ae08914478dec1419618c557bc0 Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 5.4.229 with commit a00b4e0fa27317957536abf8f5d6a96d6cb9d9be Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 5.10.163 with commit da13355bb9961316d124f94dfc7a1385d0fb035a Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 5.15.86 with commit 4e501a31af8efa593a2f003637b56d00b75dca23 Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 6.0.16 with commit 4887ec922e407b4feaf060c7b099482a5c52dee3 Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 6.1.2 with commit a35323218ff32782d051d2643912311a22e07b6a Issue introduced in 3.12 with commit 3ff6e0d8d64d594a551b5c4904e4b617bf7eee22 and fixed in 6.2 with commit 5174e5b0d1b669a489524192b6adcbb3c54ebc72 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50449 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/clk/samsung/clk-pll.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7b738276a596fa101d320591e9fa84ea0fc3f713 https://git.kernel.org/stable/c/2e8dc0626fe86ae08914478dec1419618c557bc0 https://git.kernel.org/stable/c/a00b4e0fa27317957536abf8f5d6a96d6cb9d9be https://git.kernel.org/stable/c/da13355bb9961316d124f94dfc7a1385d0fb035a https://git.kernel.org/stable/c/4e501a31af8efa593a2f003637b56d00b75dca23 https://git.kernel.org/stable/c/4887ec922e407b4feaf060c7b099482a5c52dee3 https://git.kernel.org/stable/c/a35323218ff32782d051d2643912311a22e07b6a https://git.kernel.org/stable/c/5174e5b0d1b669a489524192b6adcbb3c54ebc72
Powered by blists - more mailing lists