cve/published/2022/CVE-2022-49191.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49191: mxser: fix xmit_buf leak in activate when LSR == 0xff

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 mxser: fix xmit_buf leak in activate when LSR == 0xff

 When LSR is 0xff in ->activate() (rather unlike), we return an error.
 Provided ->shutdown() is not called when ->activate() fails, nothing
 actually frees the buffer in this case.

 Fix this by properly freeing the buffer in a designated label. We jump
 there also from the "!info->type" if now too.

 The Linux kernel CVE team has assigned CVE-2022-49191 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.9.311 with commit 376922045009f8ea2d20a8fa3475e95b47c41690
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.14.276 with commit 125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.19.238 with commit 685b6d16bf89595310b5d61394c9b97cc9505c7c
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.4.189 with commit 996291d06851a26678a0fab488b6e1f0677c0576
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.10.110 with commit 2cd05c38a27bee7fb42aa4d43174d68ac55dac0f
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.15.33 with commit b125b08dbee3611f03f53b71471813ed4ccafcdd
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.16.19 with commit 6c9041b2f90c0eace73106f22350e1d2c98f5edc
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.17.2 with commit 6dffc2035fbaada60ca8db59e0962e34f760370a
 	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.18 with commit cd3a4907ee334b40d7aa880c7ab310b154fd5cd4

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49191
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/tty/mxser.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/376922045009f8ea2d20a8fa3475e95b47c41690
 	https://git.kernel.org/stable/c/125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d
 	https://git.kernel.org/stable/c/685b6d16bf89595310b5d61394c9b97cc9505c7c
 	https://git.kernel.org/stable/c/996291d06851a26678a0fab488b6e1f0677c0576
 	https://git.kernel.org/stable/c/2cd05c38a27bee7fb42aa4d43174d68ac55dac0f
 	https://git.kernel.org/stable/c/b125b08dbee3611f03f53b71471813ed4ccafcdd
 	https://git.kernel.org/stable/c/6c9041b2f90c0eace73106f22350e1d2c98f5edc
 	https://git.kernel.org/stable/c/6dffc2035fbaada60ca8db59e0962e34f760370a
 	https://git.kernel.org/stable/c/cd3a4907ee334b40d7aa880c7ab310b154fd5cd4
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49191: mxser: fix xmit_buf leak in activate when LSR == 0xff

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	mxser: fix xmit_buf leak in activate when LSR == 0xff

	When LSR is 0xff in ->activate() (rather unlike), we return an error.
	Provided ->shutdown() is not called when ->activate() fails, nothing
	actually frees the buffer in this case.

	Fix this by properly freeing the buffer in a designated label. We jump
	there also from the "!info->type" if now too.

	The Linux kernel CVE team has assigned CVE-2022-49191 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.9.311 with commit 376922045009f8ea2d20a8fa3475e95b47c41690
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.14.276 with commit 125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 4.19.238 with commit 685b6d16bf89595310b5d61394c9b97cc9505c7c
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.4.189 with commit 996291d06851a26678a0fab488b6e1f0677c0576
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.10.110 with commit 2cd05c38a27bee7fb42aa4d43174d68ac55dac0f
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.15.33 with commit b125b08dbee3611f03f53b71471813ed4ccafcdd
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.16.19 with commit 6c9041b2f90c0eace73106f22350e1d2c98f5edc
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.17.2 with commit 6dffc2035fbaada60ca8db59e0962e34f760370a
	Issue introduced in 2.6.33 with commit 6769140d304731f0a3b177470a2adb4bacd9036b and fixed in 5.18 with commit cd3a4907ee334b40d7aa880c7ab310b154fd5cd4

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49191
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/tty/mxser.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/376922045009f8ea2d20a8fa3475e95b47c41690
	https://git.kernel.org/stable/c/125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d
	https://git.kernel.org/stable/c/685b6d16bf89595310b5d61394c9b97cc9505c7c
	https://git.kernel.org/stable/c/996291d06851a26678a0fab488b6e1f0677c0576
	https://git.kernel.org/stable/c/2cd05c38a27bee7fb42aa4d43174d68ac55dac0f
	https://git.kernel.org/stable/c/b125b08dbee3611f03f53b71471813ed4ccafcdd
	https://git.kernel.org/stable/c/6c9041b2f90c0eace73106f22350e1d2c98f5edc
	https://git.kernel.org/stable/c/6dffc2035fbaada60ca8db59e0962e34f760370a
	https://git.kernel.org/stable/c/cd3a4907ee334b40d7aa880c7ab310b154fd5cd4