| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100420-CVE-2022-50501-1b81@gregkh> Date: Sat, 4 Oct 2025 17:51:26 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50501: media: coda: Add check for dcoda_iram_alloc From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcoda_iram_alloc As the coda_iram_alloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others. The Linux kernel CVE team has assigned CVE-2022-50501 to this issue. Affected and fixed versions =========================== Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 4.9.337 with commit 5688d33aa293dfa122d66bef9c0258ddf7ef11e7 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 4.14.303 with commit 2c6887d5a29024bada6928d1d0959c9990401384 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 4.19.270 with commit 45f57abaee136a1e39d2b04443a1bd5311ba7d94 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 5.4.229 with commit 2b436f1410245412ea5e4c356a175a928d73eed3 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 5.10.163 with commit 35ddd00b36589cf948875b825eedaab1aefd5ad5 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 5.15.86 with commit b99872178e7473f21904fdeea38109275aad8ae8 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 6.0.16 with commit 532417dc98cb9c1185ada4ea4e7ccf965c06bcb5 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 6.1.2 with commit 05f165ded4a7baec31b65aba88e2cd1fb9b91db2 Issue introduced in 3.17 with commit b313bcc9a46795c0233a765411cef9a15caaa7fb and fixed in 6.2 with commit 6b8082238fb8bb20f67e46388123e67a5bbc558d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50501 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/platform/chips-media/coda-bit.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5688d33aa293dfa122d66bef9c0258ddf7ef11e7 https://git.kernel.org/stable/c/2c6887d5a29024bada6928d1d0959c9990401384 https://git.kernel.org/stable/c/45f57abaee136a1e39d2b04443a1bd5311ba7d94 https://git.kernel.org/stable/c/2b436f1410245412ea5e4c356a175a928d73eed3 https://git.kernel.org/stable/c/35ddd00b36589cf948875b825eedaab1aefd5ad5 https://git.kernel.org/stable/c/b99872178e7473f21904fdeea38109275aad8ae8 https://git.kernel.org/stable/c/532417dc98cb9c1185ada4ea4e7ccf965c06bcb5 https://git.kernel.org/stable/c/05f165ded4a7baec31b65aba88e2cd1fb9b91db2 https://git.kernel.org/stable/c/6b8082238fb8bb20f67e46388123e67a5bbc558d
Powered by blists - more mailing lists