cve/published/2022/CVE-2022-48928.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-48928: iio: adc: men_z188_adc: Fix a resource leak in an error handling path

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 iio: adc: men_z188_adc: Fix a resource leak in an error handling path

 If iio_device_register() fails, a previous ioremap() is left unbalanced.

 Update the error handling path and add the missing iounmap() call, as
 already done in the remove function.

 The Linux kernel CVE team has assigned CVE-2022-48928 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 4.9.304 with commit 0f88722313645a903f4d420ba61ddc690ec2481d
 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 4.14.269 with commit c5723b422f564af15f2e3bc0592fd6376a0a6c45
 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 4.19.232 with commit 53d43a9c8dd224e66559fe86af1e473802c7130e
 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.4.182 with commit ce1076b33e299dc8d270e4450a420a18bfb3e190
 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.10.103 with commit 1aa12ecfdcbafebc218910ec47acf6262e600cf5
 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.15.26 with commit fe73477802981bd0d0d70f2b22f109bcca801bdb
 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.16.12 with commit d6ed5426a7fad36cf928c244483ba24e72359638
 	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.17 with commit e0a2e37f303828d030a83f33ffe14b36cb88d563

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-48928
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/iio/adc/men_z188_adc.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d
 	https://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45
 	https://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e
 	https://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190
 	https://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5
 	https://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb
 	https://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e72359638
 	https://git.kernel.org/stable/c/e0a2e37f303828d030a83f33ffe14b36cb88d563
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-48928: iio: adc: men_z188_adc: Fix a resource leak in an error handling path

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	iio: adc: men_z188_adc: Fix a resource leak in an error handling path

	If iio_device_register() fails, a previous ioremap() is left unbalanced.

	Update the error handling path and add the missing iounmap() call, as
	already done in the remove function.

	The Linux kernel CVE team has assigned CVE-2022-48928 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 4.9.304 with commit 0f88722313645a903f4d420ba61ddc690ec2481d
	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 4.14.269 with commit c5723b422f564af15f2e3bc0592fd6376a0a6c45
	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 4.19.232 with commit 53d43a9c8dd224e66559fe86af1e473802c7130e
	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.4.182 with commit ce1076b33e299dc8d270e4450a420a18bfb3e190
	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.10.103 with commit 1aa12ecfdcbafebc218910ec47acf6262e600cf5
	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.15.26 with commit fe73477802981bd0d0d70f2b22f109bcca801bdb
	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.16.12 with commit d6ed5426a7fad36cf928c244483ba24e72359638
	Issue introduced in 3.15 with commit 74aeac4da66fbfa246edbfc849002eac9b5af9ca and fixed in 5.17 with commit e0a2e37f303828d030a83f33ffe14b36cb88d563

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48928
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/iio/adc/men_z188_adc.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d
	https://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45
	https://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e
	https://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190
	https://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5
	https://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb
	https://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e72359638
	https://git.kernel.org/stable/c/e0a2e37f303828d030a83f33ffe14b36cb88d563