cve/published/2022/CVE-2022-49370.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49370: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle

 kobject_init_and_add() takes reference even when it fails.
 According to the doc of kobject_init_and_add()

    If this function returns an error, kobject_put() must be called to
    properly clean up the memory associated with the object.

 Fix this issue by calling kobject_put().

 The Linux kernel CVE team has assigned CVE-2022-49370 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.9.318 with commit a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.14.283 with commit ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.19.247 with commit c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.4.198 with commit a724634b2a49f6ff0177a9e19a5a92fc1545e1b7
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.10.122 with commit 985706bd3bbeffc8737bc05965ca8d24837bc7db
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.15.47 with commit fdffa4ad8f6bf1ece877edfb807f2b2c729d8578
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.17.15 with commit 3ba359ebe914ac3f8c6c832b28007c14c39d3766
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.18.4 with commit ec752973aa721ee281d5441e497364637c626c7b
 	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.19 with commit 660ba678f9998aca6db74f2dd912fa5124f0fa31

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49370
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/firmware/dmi-sysfs.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725
 	https://git.kernel.org/stable/c/ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef
 	https://git.kernel.org/stable/c/c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d
 	https://git.kernel.org/stable/c/a724634b2a49f6ff0177a9e19a5a92fc1545e1b7
 	https://git.kernel.org/stable/c/985706bd3bbeffc8737bc05965ca8d24837bc7db
 	https://git.kernel.org/stable/c/fdffa4ad8f6bf1ece877edfb807f2b2c729d8578
 	https://git.kernel.org/stable/c/3ba359ebe914ac3f8c6c832b28007c14c39d3766
 	https://git.kernel.org/stable/c/ec752973aa721ee281d5441e497364637c626c7b
 	https://git.kernel.org/stable/c/660ba678f9998aca6db74f2dd912fa5124f0fa31
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49370: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle

	kobject_init_and_add() takes reference even when it fails.
	According to the doc of kobject_init_and_add()

	If this function returns an error, kobject_put() must be called to
	properly clean up the memory associated with the object.

	Fix this issue by calling kobject_put().

	The Linux kernel CVE team has assigned CVE-2022-49370 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.9.318 with commit a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.14.283 with commit ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 4.19.247 with commit c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.4.198 with commit a724634b2a49f6ff0177a9e19a5a92fc1545e1b7
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.10.122 with commit 985706bd3bbeffc8737bc05965ca8d24837bc7db
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.15.47 with commit fdffa4ad8f6bf1ece877edfb807f2b2c729d8578
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.17.15 with commit 3ba359ebe914ac3f8c6c832b28007c14c39d3766
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.18.4 with commit ec752973aa721ee281d5441e497364637c626c7b
	Issue introduced in 2.6.39 with commit 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 and fixed in 5.19 with commit 660ba678f9998aca6db74f2dd912fa5124f0fa31

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49370
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/firmware/dmi-sysfs.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725
	https://git.kernel.org/stable/c/ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef
	https://git.kernel.org/stable/c/c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d
	https://git.kernel.org/stable/c/a724634b2a49f6ff0177a9e19a5a92fc1545e1b7
	https://git.kernel.org/stable/c/985706bd3bbeffc8737bc05965ca8d24837bc7db
	https://git.kernel.org/stable/c/fdffa4ad8f6bf1ece877edfb807f2b2c729d8578
	https://git.kernel.org/stable/c/3ba359ebe914ac3f8c6c832b28007c14c39d3766
	https://git.kernel.org/stable/c/ec752973aa721ee281d5441e497364637c626c7b
	https://git.kernel.org/stable/c/660ba678f9998aca6db74f2dd912fa5124f0fa31