| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123017-CVE-2022-50824-8dc8@gregkh> Date: Tue, 30 Dec 2025 13:09:28 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50824: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak In check_acpi_tpm2(), we get the TPM2 table just to make sure the table is there, not used after the init, so the acpi_put_table() should be added to release the ACPI memory. The Linux kernel CVE team has assigned CVE-2022-50824 to this issue. Affected and fixed versions =========================== Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 4.14.303 with commit 8bc6c10d3f389693410adb14b4e9deec01ff6334 Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 4.19.270 with commit de667a2704ae799f697fd45cf4317623d8c79fb7 Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 5.4.229 with commit e027f3b9fabd2b410a4e6a7651e7a45b87019f23 Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 5.10.163 with commit 3b6c822238da9ee8984803355601bcc603d49cb5 Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 5.15.87 with commit 43135fb098126ef2cd6ed584900fd7bfa25f95ce Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 6.0.17 with commit e0d1cf8ef84bb14a673215699fb8acc187aa2c4a Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 6.1.3 with commit e60fa800a32a693d672b1a091424d780278c4587 Issue introduced in 4.13 with commit 4cb586a188d468e05649575f0689dd2bf8c122e6 and fixed in 6.2 with commit db9622f762104459ff87ecdf885cc42c18053fd9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50824 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/char/tpm/tpm_tis.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8bc6c10d3f389693410adb14b4e9deec01ff6334 https://git.kernel.org/stable/c/de667a2704ae799f697fd45cf4317623d8c79fb7 https://git.kernel.org/stable/c/e027f3b9fabd2b410a4e6a7651e7a45b87019f23 https://git.kernel.org/stable/c/3b6c822238da9ee8984803355601bcc603d49cb5 https://git.kernel.org/stable/c/43135fb098126ef2cd6ed584900fd7bfa25f95ce https://git.kernel.org/stable/c/e0d1cf8ef84bb14a673215699fb8acc187aa2c4a https://git.kernel.org/stable/c/e60fa800a32a693d672b1a091424d780278c4587 https://git.kernel.org/stable/c/db9622f762104459ff87ecdf885cc42c18053fd9
Powered by blists - more mailing lists