| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050238-gents-policy-dc22@gregkh> Date: Fri, 2 May 2025 07:35:45 +0200 From: Greg KH <greg@...ah.com> To: Jürgen Groß <jgross@...e.com> Cc: cve@...nel.org, linux-kernel@...r.kernel.org Subject: Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu() On Thu, May 01, 2025 at 08:19:47PM +0200, Jürgen Groß wrote: > On 01.05.25 16:10, Greg Kroah-Hartman wrote: > > From: Greg Kroah-Hartman <gregkh@...nel.org> > > > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > xen/pcpu: fix possible memory leak in register_pcpu() > > > > In device_add(), dev_set_name() is called to allocate name, if it returns > > error, the name need be freed. As comment of device_register() says, it > > should use put_device() to give up the reference in the error path. So fix > > this by calling put_device(), then the name can be freed in kobject_cleanup(). > > > > The Linux kernel CVE team has assigned CVE-2022-49816 to this issue. > > Please revoke this CVE. > > The issue can in no way be triggered by an unprivileged user. > > The memory leak could happen only either during boot of dom0, or when > hotplugging a physical CPU to a Xen server. Now rejected, thanks. greg k-h
Powered by blists - more mailing lists