cve/published/2021/CVE-2021-47416.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47416: phy: mdio: fix memory leak

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 phy: mdio: fix memory leak

 Syzbot reported memory leak in MDIO bus interface, the problem was in
 wrong state logic.

 MDIOBUS_ALLOCATED indicates 2 states:
 	1. Bus is only allocated
 	2. Bus allocated and __mdiobus_register() fails, but
 	   device_register() was called

 In case of device_register() has been called we should call put_device()
 to correctly free the memory allocated for this device, but mdiobus_free()
 calls just kfree(dev) in case of MDIOBUS_ALLOCATED state

 To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED
 _before_ calling device_register(), because put_device() should be
 called even in case of device_register() failure.

 The Linux kernel CVE team has assigned CVE-2021-47416 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.4.289 with commit 25e9f88c7e3cc35f5e3d3db199660d28a15df639
 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.9.287 with commit 2250392d930bd0d989f24d355d6355b0150256e7
 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.14.251 with commit f4f502a04ee1e543825af78f47eb7785015cd9f6
 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.19.211 with commit 2397b9e118721292429fea8807a698e71b94795f
 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.4.153 with commit 414bb4ead1362ef2c8592db723c017258f213988
 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.10.73 with commit 0d2dd40a7be61b89a7c99dae8ee96389d27b413a
 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.14.12 with commit 064c2616234a7394867c924b5c1303974f3a4f4d
 	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.15 with commit ca6e11c337daf7925ff8a2aac8e84490a8691905

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47416
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/phy/mdio_bus.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639
 	https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7
 	https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6
 	https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f
 	https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988
 	https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a
 	https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d
 	https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47416: phy: mdio: fix memory leak

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	phy: mdio: fix memory leak

	Syzbot reported memory leak in MDIO bus interface, the problem was in
	wrong state logic.

	MDIOBUS_ALLOCATED indicates 2 states:
	1. Bus is only allocated
	2. Bus allocated and __mdiobus_register() fails, but
	device_register() was called

	In case of device_register() has been called we should call put_device()
	to correctly free the memory allocated for this device, but mdiobus_free()
	calls just kfree(dev) in case of MDIOBUS_ALLOCATED state

	To avoid this behaviour we need to set bus->state to MDIOBUS_UNREGISTERED
	_before_ calling device_register(), because put_device() should be
	called even in case of device_register() failure.

	The Linux kernel CVE team has assigned CVE-2021-47416 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.4.289 with commit 25e9f88c7e3cc35f5e3d3db199660d28a15df639
	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.9.287 with commit 2250392d930bd0d989f24d355d6355b0150256e7
	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.14.251 with commit f4f502a04ee1e543825af78f47eb7785015cd9f6
	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 4.19.211 with commit 2397b9e118721292429fea8807a698e71b94795f
	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.4.153 with commit 414bb4ead1362ef2c8592db723c017258f213988
	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.10.73 with commit 0d2dd40a7be61b89a7c99dae8ee96389d27b413a
	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.14.12 with commit 064c2616234a7394867c924b5c1303974f3a4f4d
	Issue introduced in 2.6.28 with commit 46abc02175b3c246dd5141d878f565a8725060c9 and fixed in 5.15 with commit ca6e11c337daf7925ff8a2aac8e84490a8691905

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47416
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/phy/mdio_bus.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639
	https://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7
	https://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6
	https://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f
	https://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988
	https://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a
	https://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d
	https://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905