| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100754-CVE-2022-50537-897a@gregkh> Date: Tue, 7 Oct 2025 17:20:55 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50537: firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() In rpi_firmware_probe(), if mbox_request_channel() fails, the 'fw' will not be freed through rpi_firmware_delete(), fix this leak by calling kfree() in the error path. The Linux kernel CVE team has assigned CVE-2022-50537 to this issue. Affected and fixed versions =========================== Issue introduced in 5.10.65 with commit 60831f5ae6c713afceb6d29f40899ed112f36059 and fixed in 5.10.163 with commit d34742245e4366579f9a80f8cfe4a63248e838e0 Issue introduced in 5.13 with commit 1e7c57355a3bc617fc220234889e49fe722a6305 and fixed in 5.15.86 with commit b308fdedef095aac14569f810d46edf773ea7d1e Issue introduced in 5.13 with commit 1e7c57355a3bc617fc220234889e49fe722a6305 and fixed in 6.0.16 with commit 6757dd2193fe18c5c5fe3050e7f2ff9dcbd1ff34 Issue introduced in 5.13 with commit 1e7c57355a3bc617fc220234889e49fe722a6305 and fixed in 6.1.2 with commit 71d2abab374f707ab8ac8dcef191fd2b3b67b8bd Issue introduced in 5.13 with commit 1e7c57355a3bc617fc220234889e49fe722a6305 and fixed in 6.2 with commit 7b51161696e803fd5f9ad55b20a64c2df313f95c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50537 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/firmware/raspberrypi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/62ac943eb2a9d655e431b9bc98ff6d7bd51a0e49 https://git.kernel.org/stable/c/d34742245e4366579f9a80f8cfe4a63248e838e0 https://git.kernel.org/stable/c/b308fdedef095aac14569f810d46edf773ea7d1e https://git.kernel.org/stable/c/6757dd2193fe18c5c5fe3050e7f2ff9dcbd1ff34 https://git.kernel.org/stable/c/71d2abab374f707ab8ac8dcef191fd2b3b67b8bd https://git.kernel.org/stable/c/7b51161696e803fd5f9ad55b20a64c2df313f95c
Powered by blists - more mailing lists