[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2025050238-gents-policy-dc22@gregkh>
Date: Fri, 2 May 2025 07:35:45 +0200
From: Greg KH <greg@...ah.com>
To: Jürgen Groß <jgross@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in
register_pcpu()
On Thu, May 01, 2025 at 08:19:47PM +0200, Jürgen Groß wrote:
> On 01.05.25 16:10, Greg Kroah-Hartman wrote:
> > From: Greg Kroah-Hartman <gregkh@...nel.org>
> >
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > xen/pcpu: fix possible memory leak in register_pcpu()
> >
> > In device_add(), dev_set_name() is called to allocate name, if it returns
> > error, the name need be freed. As comment of device_register() says, it
> > should use put_device() to give up the reference in the error path. So fix
> > this by calling put_device(), then the name can be freed in kobject_cleanup().
> >
> > The Linux kernel CVE team has assigned CVE-2022-49816 to this issue.
>
> Please revoke this CVE.
>
> The issue can in no way be triggered by an unprivileged user.
>
> The memory leak could happen only either during boot of dom0, or when
> hotplugging a physical CPU to a Xen server.
Now rejected, thanks.
greg k-h
Powered by blists - more mailing lists