| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100755-CVE-2022-50509-e40c@gregkh> Date: Tue, 7 Oct 2025 17:18:56 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50509: media: coda: Add check for kmalloc From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others. The Linux kernel CVE team has assigned CVE-2022-50509 to this issue. Affected and fixed versions =========================== Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 4.9.337 with commit d308c4a035b636756786af91e5f39f9d92d7d42a Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 4.14.303 with commit 11e32126b3e56c3156fb610d793732acd2bdac4f Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 4.19.270 with commit ba9cc9e2035f7a45f5222543265daf7cd51f2530 Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 5.4.229 with commit 7a2c66429b04e85fee44d6d9f455327bf23cf49c Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 5.10.163 with commit d9b37ea8869e4e6da90c07a310d819a78cbd23d2 Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 5.15.86 with commit 441c05485cf1a29eef05c1fd8281716815283315 Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 6.0.16 with commit aa17a252dbde432095e390e2092205d4debb12e1 Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 6.1.2 with commit 0209e70ad496c1fcd85c2ec70e6736fd09f95d14 Issue introduced in 3.19 with commit cb1d3a336371e35c3920cc50a701c5403c255644 and fixed in 6.2 with commit 6e5e5defdb8b0186312c2f855ace175aee6daf9b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50509 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/platform/chips-media/coda-bit.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d308c4a035b636756786af91e5f39f9d92d7d42a https://git.kernel.org/stable/c/11e32126b3e56c3156fb610d793732acd2bdac4f https://git.kernel.org/stable/c/ba9cc9e2035f7a45f5222543265daf7cd51f2530 https://git.kernel.org/stable/c/7a2c66429b04e85fee44d6d9f455327bf23cf49c https://git.kernel.org/stable/c/d9b37ea8869e4e6da90c07a310d819a78cbd23d2 https://git.kernel.org/stable/c/441c05485cf1a29eef05c1fd8281716815283315 https://git.kernel.org/stable/c/aa17a252dbde432095e390e2092205d4debb12e1 https://git.kernel.org/stable/c/0209e70ad496c1fcd85c2ec70e6736fd09f95d14 https://git.kernel.org/stable/c/6e5e5defdb8b0186312c2f855ace175aee6daf9b
Powered by blists - more mailing lists