| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120936-CVE-2022-50642-6975@gregkh> Date: Tue, 9 Dec 2025 09:01:43 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50642: platform/chrome: cros_ec_typec: zero out stale pointers From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: zero out stale pointers `cros_typec_get_switch_handles` allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in `port` become stale. The stale pointers eventually cause use-after-free or double free in later code paths. Zeroing out all pointer fields after freeing to eliminate these stale pointers. The Linux kernel CVE team has assigned CVE-2022-50642 to this issue. Affected and fixed versions =========================== Issue introduced in 5.9 with commit f28adb41dab4a2795fd959750df57adffd2bb0be and fixed in 5.15.86 with commit 0ceadb5a3e45f1b81cf54bd496b40a5e50b6bd40 Issue introduced in 5.9 with commit f28adb41dab4a2795fd959750df57adffd2bb0be and fixed in 6.0.16 with commit b610758bb3e0674644c1255cdafc2f46b7e05ff9 Issue introduced in 5.9 with commit f28adb41dab4a2795fd959750df57adffd2bb0be and fixed in 6.1.2 with commit 6613f36a2fa5c69e528bccba8b3d831f759dad2f Issue introduced in 5.9 with commit f28adb41dab4a2795fd959750df57adffd2bb0be and fixed in 6.2 with commit 9a8aadcf0b459c1257b9477fd6402e1d5952ae07 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50642 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/platform/chrome/cros_ec_typec.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0ceadb5a3e45f1b81cf54bd496b40a5e50b6bd40 https://git.kernel.org/stable/c/b610758bb3e0674644c1255cdafc2f46b7e05ff9 https://git.kernel.org/stable/c/6613f36a2fa5c69e528bccba8b3d831f759dad2f https://git.kernel.org/stable/c/9a8aadcf0b459c1257b9477fd6402e1d5952ae07
Powered by blists - more mailing lists