Message-ID: <2025122400-CVE-2022-50776-f275@gregkh>
Date: Wed, 24 Dec 2025 14:06:27 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50776: clk: st: Fix memory leak in st_of_quadfs_setup()

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

clk: st: Fix memory leak in st_of_quadfs_setup()

If st_clk_register_quadfs_pll() fails, @lock should be freed before goto
@err_exit, otherwise will cause memory leak issue, fix it.

The Linux kernel CVE team has assigned CVE-2022-50776 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.9.337 with commit 081538ae5817631a2b99e8e75cce981060aab29f
	Fixed in 4.14.303 with commit f0295209de457049a4a5f3e3985528391bd1ab34
	Fixed in 4.19.270 with commit be03875007621fcee96e6f9fd7b9e59c8dfcf6fa
	Fixed in 5.4.229 with commit 713ad301c2d49e88fe586b57ebac8f220a98e162
	Fixed in 5.10.163 with commit efd025f32fce27a8ada9bcb4731e8a84476e5b3d
	Fixed in 5.15.86 with commit adf6a00859d014cecf046dc91f75c0e65a544360
	Fixed in 6.0.16 with commit 335ef7546c77e63154d6ea4d603b11274a85900e
	Fixed in 6.1.2 with commit f4731395d6db850127634197863aede188d8e9de
	Fixed in 6.2 with commit cfd3ffb36f0d566846163118651d868e607300ba

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50776
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/clk/st/clkgen-fsyn.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/081538ae5817631a2b99e8e75cce981060aab29f
	https://git.kernel.org/stable/c/f0295209de457049a4a5f3e3985528391bd1ab34
	https://git.kernel.org/stable/c/be03875007621fcee96e6f9fd7b9e59c8dfcf6fa
	https://git.kernel.org/stable/c/713ad301c2d49e88fe586b57ebac8f220a98e162
	https://git.kernel.org/stable/c/efd025f32fce27a8ada9bcb4731e8a84476e5b3d
	https://git.kernel.org/stable/c/adf6a00859d014cecf046dc91f75c0e65a544360
	https://git.kernel.org/stable/c/335ef7546c77e63154d6ea4d603b11274a85900e
	https://git.kernel.org/stable/c/f4731395d6db850127634197863aede188d8e9de
	https://git.kernel.org/stable/c/cfd3ffb36f0d566846163118651d868e607300ba
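
The error path from the Description section, modelled in user-space C as an added example. It is not the kernel's code from drivers/clk/st/clkgen-fsyn.c, and xalloc, xfree, register_pll, setup_before, setup_after and leaked_by are hypothetical stand-ins. The model assumes only what the description states: a lock is allocated, registration can fail, and the failure path jumps to err_exit.

```c
#include <stdio.h>
#include <stdlib.h>
static int live; /* hypothetical model: allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); live++; return p; }
static void xfree(void *p) { if (p) { free(p); live--; } }
/* Stands in for st_clk_register_quadfs_pll(); fails when asked to. */
static void *register_pll(int *lock, int fail) { (void)lock; return fail ? NULL : xalloc(32); }
/* Error path as the description states it before the fix. */
static int setup_before(int fail)
{
    int *lock = xalloc(sizeof(*lock));
    void *pll = register_pll(lock, fail);
    if (!pll)
        goto err_exit;   /* lock is still allocated: leaked */
    xfree(pll);          /* model only: a real driver keeps both on success */
    xfree(lock);
    return 0;
err_exit:
    return -1;
}

/* Same path with lock released before the jump to err_exit. */
static int setup_after(int fail)
{
    int *lock = xalloc(sizeof(*lock));
    void *pll = register_pll(lock, fail);
    if (!pll) {
        xfree(lock);
        goto err_exit;
    }
    xfree(pll);          /* model only, as above */
    xfree(lock);
    return 0;
err_exit:
    return -1;
}

/* Run one setup call and return how many allocations it left behind. */
static int leaked_by(int (*setup)(int), int fail)
{
    int before = live;
    (void)setup(fail);
    return live - before;
}

int main(void)
{
    printf("before: %d leaked, after: %d leaked\n", leaked_by(setup_before, 1), leaked_by(setup_after, 1));
    return 0;
}
```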
