cve/published/2022/CVE-2022-48724.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-48724: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()

 After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node
 unconditionally allocated"). For tear down scenario, fn is only freed
 after fail to allocate ir_domain, though it also should be freed in case
 dmar_enable_qi returns error.

 Besides free fn, irq_domain and ir_msi_domain need to be removed as well
 if intel_setup_irq_remapping fails to enable queued invalidation.

 Improve the rewinding path by add out_free_ir_domain and out_free_fwnode
 lables per Baolu's suggestion.

 The Linux kernel CVE team has assigned CVE-2022-48724 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.14.190 with commit 03992c88d71ba79d956f2ed54e370e630b8750f4 and fixed in 4.14.265 with commit a0c685ba99961b1dd894b2e470e692a539770f6d
 	Issue introduced in 4.19.135 with commit c0c489e5430530a7021f4c889cd5931597e4b200 and fixed in 4.19.228 with commit a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9
 	Issue introduced in 5.4.54 with commit 36f7355545725c5e9400520ae33e6ee16cf78c0e and fixed in 5.4.178 with commit 5c43d46daa0d2928234dd2792ebebc35d29ee2d1
 	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.10.99 with commit 9d9995b0371e4e8c18d4f955479e5d47efe7b2d4
 	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.15.22 with commit 336d096b62bdc673e852b6b80d5072d7888ce85d
 	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.16.8 with commit b62eceb5f8f08815fe3f945fc55bbf997c344ecd
 	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.17 with commit 99e675d473eb8cf2deac1376a0f840222fc1adcf
 	Issue introduced in 5.7.11 with commit b4198ecddb87cd955aa9e024dd656af5ceaf6196

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-48724
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/iommu/intel/irq_remapping.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d
 	https://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9
 	https://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d29ee2d1
 	https://git.kernel.org/stable/c/9d9995b0371e4e8c18d4f955479e5d47efe7b2d4
 	https://git.kernel.org/stable/c/336d096b62bdc673e852b6b80d5072d7888ce85d
 	https://git.kernel.org/stable/c/b62eceb5f8f08815fe3f945fc55bbf997c344ecd
 	https://git.kernel.org/stable/c/99e675d473eb8cf2deac1376a0f840222fc1adcf
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-48724: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()

	After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node
	unconditionally allocated"). For tear down scenario, fn is only freed
	after fail to allocate ir_domain, though it also should be freed in case
	dmar_enable_qi returns error.

	Besides free fn, irq_domain and ir_msi_domain need to be removed as well
	if intel_setup_irq_remapping fails to enable queued invalidation.

	Improve the rewinding path by add out_free_ir_domain and out_free_fwnode
	lables per Baolu's suggestion.

	The Linux kernel CVE team has assigned CVE-2022-48724 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.14.190 with commit 03992c88d71ba79d956f2ed54e370e630b8750f4 and fixed in 4.14.265 with commit a0c685ba99961b1dd894b2e470e692a539770f6d
	Issue introduced in 4.19.135 with commit c0c489e5430530a7021f4c889cd5931597e4b200 and fixed in 4.19.228 with commit a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9
	Issue introduced in 5.4.54 with commit 36f7355545725c5e9400520ae33e6ee16cf78c0e and fixed in 5.4.178 with commit 5c43d46daa0d2928234dd2792ebebc35d29ee2d1
	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.10.99 with commit 9d9995b0371e4e8c18d4f955479e5d47efe7b2d4
	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.15.22 with commit 336d096b62bdc673e852b6b80d5072d7888ce85d
	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.16.8 with commit b62eceb5f8f08815fe3f945fc55bbf997c344ecd
	Issue introduced in 5.8 with commit e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb and fixed in 5.17 with commit 99e675d473eb8cf2deac1376a0f840222fc1adcf
	Issue introduced in 5.7.11 with commit b4198ecddb87cd955aa9e024dd656af5ceaf6196

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48724
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/iommu/intel/irq_remapping.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d
	https://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9
	https://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d29ee2d1
	https://git.kernel.org/stable/c/9d9995b0371e4e8c18d4f955479e5d47efe7b2d4
	https://git.kernel.org/stable/c/336d096b62bdc673e852b6b80d5072d7888ce85d
	https://git.kernel.org/stable/c/b62eceb5f8f08815fe3f945fc55bbf997c344ecd
	https://git.kernel.org/stable/c/99e675d473eb8cf2deac1376a0f840222fc1adcf