cve/published/2022/CVE-2022-49091.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49091: drm/imx: Fix memory leak in imx_pd_connector_get_modes

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 drm/imx: Fix memory leak in imx_pd_connector_get_modes

 Avoid leaking the display mode variable if of_get_drm_display_mode
 fails.

 Addresses-Coverity-ID: 1443943 ("Resource leak")

 The Linux kernel CVE team has assigned CVE-2022-49091 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 4.9.311 with commit d2c2758cfb0262637fd93350bdc8ad485fb1dd61
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 4.14.276 with commit 38bf605bd8c83d942c8dcffaef3633b7d8b37549
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 4.19.238 with commit 41624d7c0c3df71dee170c610744aaa5909327b8
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.4.189 with commit c539a6a5896ed92bfb91494e46996d013f3d5967
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.10.111 with commit f8b0ef0a5889890b50482b6593bd8de544736351
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.15.34 with commit 31e449302ed00c38d4068443cf0243279701ab28
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.16.20 with commit bc23c327e1a23cc3555fa1e86288e13288515442
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.17.3 with commit 7526102d908ec5ae777aa77723d52fce12916093
 	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.18 with commit bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49091
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/imx/parallel-display.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/d2c2758cfb0262637fd93350bdc8ad485fb1dd61
 	https://git.kernel.org/stable/c/38bf605bd8c83d942c8dcffaef3633b7d8b37549
 	https://git.kernel.org/stable/c/41624d7c0c3df71dee170c610744aaa5909327b8
 	https://git.kernel.org/stable/c/c539a6a5896ed92bfb91494e46996d013f3d5967
 	https://git.kernel.org/stable/c/f8b0ef0a5889890b50482b6593bd8de544736351
 	https://git.kernel.org/stable/c/31e449302ed00c38d4068443cf0243279701ab28
 	https://git.kernel.org/stable/c/bc23c327e1a23cc3555fa1e86288e13288515442
 	https://git.kernel.org/stable/c/7526102d908ec5ae777aa77723d52fce12916093
 	https://git.kernel.org/stable/c/bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49091: drm/imx: Fix memory leak in imx_pd_connector_get_modes

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	drm/imx: Fix memory leak in imx_pd_connector_get_modes

	Avoid leaking the display mode variable if of_get_drm_display_mode
	fails.

	Addresses-Coverity-ID: 1443943 ("Resource leak")

	The Linux kernel CVE team has assigned CVE-2022-49091 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 4.9.311 with commit d2c2758cfb0262637fd93350bdc8ad485fb1dd61
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 4.14.276 with commit 38bf605bd8c83d942c8dcffaef3633b7d8b37549
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 4.19.238 with commit 41624d7c0c3df71dee170c610744aaa5909327b8
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.4.189 with commit c539a6a5896ed92bfb91494e46996d013f3d5967
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.10.111 with commit f8b0ef0a5889890b50482b6593bd8de544736351
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.15.34 with commit 31e449302ed00c38d4068443cf0243279701ab28
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.16.20 with commit bc23c327e1a23cc3555fa1e86288e13288515442
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.17.3 with commit 7526102d908ec5ae777aa77723d52fce12916093
	Issue introduced in 4.8 with commit 76ecd9c9fb24b014a6f33fbb1287ede3be12158b and fixed in 5.18 with commit bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49091
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/imx/parallel-display.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/d2c2758cfb0262637fd93350bdc8ad485fb1dd61
	https://git.kernel.org/stable/c/38bf605bd8c83d942c8dcffaef3633b7d8b37549
	https://git.kernel.org/stable/c/41624d7c0c3df71dee170c610744aaa5909327b8
	https://git.kernel.org/stable/c/c539a6a5896ed92bfb91494e46996d013f3d5967
	https://git.kernel.org/stable/c/f8b0ef0a5889890b50482b6593bd8de544736351
	https://git.kernel.org/stable/c/31e449302ed00c38d4068443cf0243279701ab28
	https://git.kernel.org/stable/c/bc23c327e1a23cc3555fa1e86288e13288515442
	https://git.kernel.org/stable/c/7526102d908ec5ae777aa77723d52fce12916093
	https://git.kernel.org/stable/c/bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3