| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123013-CVE-2022-50810-1d1c@gregkh> Date: Tue, 30 Dec 2025 13:09:14 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50810: rapidio: devices: fix missing put_device in mport_cdev_open From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: rapidio: devices: fix missing put_device in mport_cdev_open When kfifo_alloc fails, the refcount of chdev->dev is left incremental. We should use put_device(&chdev->dev) to decrease the ref count of chdev->dev to avoid refcount leak. The Linux kernel CVE team has assigned CVE-2022-50810 to this issue. Affected and fixed versions =========================== Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 4.9.337 with commit 6e4540e0970030e140998ce8847f5f0171b5afa1 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 4.14.303 with commit ae57222402bea455e60cc51d2f52ce73b63b7af8 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 4.19.270 with commit dfee9fe93dd34cd9d49520718f6ec2072de25e48 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 5.4.229 with commit bb7397f6312d2cbf05e415676ed5b1655cb82a34 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 5.10.163 with commit 53915ecc43c5139d6cdd1caa4fdc9290b9597008 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 5.15.86 with commit a0d93aac54ce07a7cc71e90645d0cdabbda50450 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 6.0.16 with commit 162433a96079bfa5ec748c486b4570f138d04fb5 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 6.1.2 with commit b596242585984b5f3085aa8f7a82c65640b384b6 Issue introduced in 4.6 with commit e8de370188d098bb49483c287b44925957c3c9b6 and fixed in 6.2 with commit d5b6e6eba3af11cb2a2791fa36a2524990fcde1a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50810 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/rapidio/devices/rio_mport_cdev.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6e4540e0970030e140998ce8847f5f0171b5afa1 https://git.kernel.org/stable/c/ae57222402bea455e60cc51d2f52ce73b63b7af8 https://git.kernel.org/stable/c/dfee9fe93dd34cd9d49520718f6ec2072de25e48 https://git.kernel.org/stable/c/bb7397f6312d2cbf05e415676ed5b1655cb82a34 https://git.kernel.org/stable/c/53915ecc43c5139d6cdd1caa4fdc9290b9597008 https://git.kernel.org/stable/c/a0d93aac54ce07a7cc71e90645d0cdabbda50450 https://git.kernel.org/stable/c/162433a96079bfa5ec748c486b4570f138d04fb5 https://git.kernel.org/stable/c/b596242585984b5f3085aa8f7a82c65640b384b6 https://git.kernel.org/stable/c/d5b6e6eba3af11cb2a2791fa36a2524990fcde1a
Powered by blists - more mailing lists