| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123046-CVE-2022-50856-af64@gregkh> Date: Tue, 30 Dec 2025 13:19:52 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50856: cifs: Fix xid leak in cifs_ses_add_channel() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_ses_add_channel() Before return, should free the xid, otherwise, the xid will be leaked. The Linux kernel CVE team has assigned CVE-2022-50856 to this issue. Affected and fixed versions =========================== Issue introduced in 5.5 with commit d70e9fa55884760b6d6c293dbf20d8c52ce11fb7 and fixed in 5.10.152 with commit 7286f875510486fdc2fc426b7c826262e2283a65 Issue introduced in 5.5 with commit d70e9fa55884760b6d6c293dbf20d8c52ce11fb7 and fixed in 5.15.76 with commit 847301f0ee1c29f34cc48547ce1071990f24969c Issue introduced in 5.5 with commit d70e9fa55884760b6d6c293dbf20d8c52ce11fb7 and fixed in 6.0.6 with commit db2a8b6c17e128d91f35d836c569f4a6bda4471b Issue introduced in 5.5 with commit d70e9fa55884760b6d6c293dbf20d8c52ce11fb7 and fixed in 6.1 with commit e909d054bdea75ef1ec48c18c5936affdaecbb2c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50856 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/cifs/sess.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7286f875510486fdc2fc426b7c826262e2283a65 https://git.kernel.org/stable/c/847301f0ee1c29f34cc48547ce1071990f24969c https://git.kernel.org/stable/c/db2a8b6c17e128d91f35d836c569f4a6bda4471b https://git.kernel.org/stable/c/e909d054bdea75ef1ec48c18c5936affdaecbb2c
Powered by blists - more mailing lists