| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120853-CVE-2022-50624-0011@gregkh> Date: Mon, 8 Dec 2025 10:17:01 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50624: net: netsec: fix error handling in netsec_register_mdio() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: netsec: fix error handling in netsec_register_mdio() If phy_device_register() fails, phy_device_free() need be called to put refcount, so memory of phy device and device name can be freed in callback function. If get_phy_device() fails, mdiobus_unregister() need be called, or it will cause warning in mdiobus_free() and kobject is leaked. The Linux kernel CVE team has assigned CVE-2022-50624 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit 533dd11a12f698c571a12271b20f235792d3e148 and fixed in 4.19.264 with commit 728884b22d83148a330b23f9472f1e118b589211 Issue introduced in 4.16 with commit 533dd11a12f698c571a12271b20f235792d3e148 and fixed in 5.4.223 with commit fda2d07234a21be4d71ebfe97a45f499726902d6 Issue introduced in 4.16 with commit 533dd11a12f698c571a12271b20f235792d3e148 and fixed in 5.10.153 with commit 62f0a08e82a6312efd7df7f595c0b11d4ffde610 Issue introduced in 4.16 with commit 533dd11a12f698c571a12271b20f235792d3e148 and fixed in 5.15.77 with commit 1e0bee973ef6fc3c1e3acb014515eaea37c8fa17 Issue introduced in 4.16 with commit 533dd11a12f698c571a12271b20f235792d3e148 and fixed in 6.0.7 with commit 846e677daf51220d7975c61a20e440a88473951e Issue introduced in 4.16 with commit 533dd11a12f698c571a12271b20f235792d3e148 and fixed in 6.1 with commit 94423589689124e8cd145b38a1034be7f25835b2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50624 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/socionext/netsec.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/728884b22d83148a330b23f9472f1e118b589211 https://git.kernel.org/stable/c/fda2d07234a21be4d71ebfe97a45f499726902d6 https://git.kernel.org/stable/c/62f0a08e82a6312efd7df7f595c0b11d4ffde610 https://git.kernel.org/stable/c/1e0bee973ef6fc3c1e3acb014515eaea37c8fa17 https://git.kernel.org/stable/c/846e677daf51220d7975c61a20e440a88473951e https://git.kernel.org/stable/c/94423589689124e8cd145b38a1034be7f25835b2
Powered by blists - more mailing lists