cve/published/2022/CVE-2022-49397.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49397: phy: qcom-qmp: fix struct clk leak on probe errors

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 phy: qcom-qmp: fix struct clk leak on probe errors

 Make sure to release the pipe clock reference in case of a late probe
 error (e.g. probe deferral).

 The Linux kernel CVE team has assigned CVE-2022-49397 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 4.14.283 with commit b999d48b0869b8599de532ff6081575a7ab5358a
 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 4.19.247 with commit 621a4bcfb7aa031e7760d7b156bad7a45df58387
 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.4.198 with commit 1668ad103679306ba2ef37f758d704e58a3ef1a0
 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.10.121 with commit 6f3673c8d8eff0c4ab5a5ee0d3ca9717d85419b4
 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.15.46 with commit b246695636a861a09f0e2cde92bb2dd8f114f024
 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.17.14 with commit f8d23895a41243c6a8dbf392e531fff9497bb023
 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.18.3 with commit ad9b0fad02f9b3a06ad5ac7df11f244e316a6254
 	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.19 with commit f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49397
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/phy/qualcomm/phy-qcom-qmp.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b999d48b0869b8599de532ff6081575a7ab5358a
 	https://git.kernel.org/stable/c/621a4bcfb7aa031e7760d7b156bad7a45df58387
 	https://git.kernel.org/stable/c/1668ad103679306ba2ef37f758d704e58a3ef1a0
 	https://git.kernel.org/stable/c/6f3673c8d8eff0c4ab5a5ee0d3ca9717d85419b4
 	https://git.kernel.org/stable/c/b246695636a861a09f0e2cde92bb2dd8f114f024
 	https://git.kernel.org/stable/c/f8d23895a41243c6a8dbf392e531fff9497bb023
 	https://git.kernel.org/stable/c/ad9b0fad02f9b3a06ad5ac7df11f244e316a6254
 	https://git.kernel.org/stable/c/f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49397: phy: qcom-qmp: fix struct clk leak on probe errors

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	phy: qcom-qmp: fix struct clk leak on probe errors

	Make sure to release the pipe clock reference in case of a late probe
	error (e.g. probe deferral).

	The Linux kernel CVE team has assigned CVE-2022-49397 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 4.14.283 with commit b999d48b0869b8599de532ff6081575a7ab5358a
	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 4.19.247 with commit 621a4bcfb7aa031e7760d7b156bad7a45df58387
	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.4.198 with commit 1668ad103679306ba2ef37f758d704e58a3ef1a0
	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.10.121 with commit 6f3673c8d8eff0c4ab5a5ee0d3ca9717d85419b4
	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.15.46 with commit b246695636a861a09f0e2cde92bb2dd8f114f024
	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.17.14 with commit f8d23895a41243c6a8dbf392e531fff9497bb023
	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.18.3 with commit ad9b0fad02f9b3a06ad5ac7df11f244e316a6254
	Issue introduced in 4.12 with commit e78f3d15e115e8e764d4b1562b4fa538f2e22f6b and fixed in 5.19 with commit f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49397
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/phy/qualcomm/phy-qcom-qmp.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b999d48b0869b8599de532ff6081575a7ab5358a
	https://git.kernel.org/stable/c/621a4bcfb7aa031e7760d7b156bad7a45df58387
	https://git.kernel.org/stable/c/1668ad103679306ba2ef37f758d704e58a3ef1a0
	https://git.kernel.org/stable/c/6f3673c8d8eff0c4ab5a5ee0d3ca9717d85419b4
	https://git.kernel.org/stable/c/b246695636a861a09f0e2cde92bb2dd8f114f024
	https://git.kernel.org/stable/c/f8d23895a41243c6a8dbf392e531fff9497bb023
	https://git.kernel.org/stable/c/ad9b0fad02f9b3a06ad5ac7df11f244e316a6254
	https://git.kernel.org/stable/c/f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df