cve/published/2021/CVE-2021-47330.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47330: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

 In the probe function, if the final 'serial_config()' fails, 'info' is
 leaking.

 Add a resource handling path to free this memory.

 The Linux kernel CVE team has assigned CVE-2021-47330 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.4.276 with commit b5a2799cd62ed30c81b22c23028d9ee374e2138c
 	Fixed in 4.9.276 with commit 331f5923fce4f45b8170ccf06c529e8eb28f37bc
 	Fixed in 4.14.240 with commit 34f4590f5ec9859ea9136249f528173d150bd584
 	Fixed in 4.19.198 with commit cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
 	Fixed in 5.4.134 with commit ee16bed959862a6de2913f71a04cb563d7237b67
 	Fixed in 5.10.52 with commit 7a80f71601af015856a0aeb1e3c294037ac3dd32
 	Fixed in 5.12.19 with commit c39cf4df19acf0133fa284a8cd83fad42cd13cc2
 	Fixed in 5.13.4 with commit b2ef1f5de40342de44fc5355321595f91774dab5
 	Fixed in 5.14 with commit fad92b11047a748c996ebd6cfb164a63814eeb2e

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47330
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/tty/serial/8250/serial_cs.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c
 	https://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc
 	https://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584
 	https://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
 	https://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67
 	https://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32
 	https://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2
 	https://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91774dab5
 	https://git.kernel.org/stable/c/fad92b11047a748c996ebd6cfb164a63814eeb2e
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47330: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

	In the probe function, if the final 'serial_config()' fails, 'info' is
	leaking.

	Add a resource handling path to free this memory.

	The Linux kernel CVE team has assigned CVE-2021-47330 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.4.276 with commit b5a2799cd62ed30c81b22c23028d9ee374e2138c
	Fixed in 4.9.276 with commit 331f5923fce4f45b8170ccf06c529e8eb28f37bc
	Fixed in 4.14.240 with commit 34f4590f5ec9859ea9136249f528173d150bd584
	Fixed in 4.19.198 with commit cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
	Fixed in 5.4.134 with commit ee16bed959862a6de2913f71a04cb563d7237b67
	Fixed in 5.10.52 with commit 7a80f71601af015856a0aeb1e3c294037ac3dd32
	Fixed in 5.12.19 with commit c39cf4df19acf0133fa284a8cd83fad42cd13cc2
	Fixed in 5.13.4 with commit b2ef1f5de40342de44fc5355321595f91774dab5
	Fixed in 5.14 with commit fad92b11047a748c996ebd6cfb164a63814eeb2e

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47330
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/tty/serial/8250/serial_cs.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c
	https://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc
	https://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584
	https://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
	https://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67
	https://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32
	https://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2
	https://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91774dab5
	https://git.kernel.org/stable/c/fad92b11047a748c996ebd6cfb164a63814eeb2e