lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2025050238-gents-policy-dc22@gregkh>
Date: Fri, 2 May 2025 07:35:45 +0200
From: Greg KH <greg@...ah.com>
To: Jürgen Groß <jgross@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in
 register_pcpu()

On Thu, May 01, 2025 at 08:19:47PM +0200, Jürgen Groß wrote:
> On 01.05.25 16:10, Greg Kroah-Hartman wrote:
> > From: Greg Kroah-Hartman <gregkh@...nel.org>
> > 
> > Description
> > ===========
> > 
> > In the Linux kernel, the following vulnerability has been resolved:
> > 
> > xen/pcpu: fix possible memory leak in register_pcpu()
> > 
> > In device_add(), dev_set_name() is called to allocate name, if it returns
> > error, the name need be freed. As comment of device_register() says, it
> > should use put_device() to give up the reference in the error path. So fix
> > this by calling put_device(), then the name can be freed in kobject_cleanup().
> > 
> > The Linux kernel CVE team has assigned CVE-2022-49816 to this issue.
> 
> Please revoke this CVE.
> 
> The issue can in no way be triggered by an unprivileged user.
> 
> The memory leak could happen only either during boot of dom0, or when
> hotplugging a physical CPU to a Xen server.

Now rejected, thanks.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ