cve/published/2022/CVE-2022-49442.mbox

From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2022-49442: drivers/base/node.c: fix compaction sysfs file leak

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drivers/base/node.c: fix compaction sysfs file leak

Compaction sysfs file is created via compaction_register_node in
register_node.  But we forgot to remove it in unregister_node.  Thus
compaction sysfs file is leaked.  Using compaction_unregister_node to fix
this issue.

The Linux kernel CVE team has assigned CVE-2022-49442 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 4.9.318 with commit 39642b0feddb9c39faa6de469a94bfeb4dc0d3a9
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 4.14.283 with commit 606732650a2c88e66c59c22dd5464ea0d820250e
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 4.19.247 with commit f76ddc8fcf6d81fe89bfa4d3efcbc4fe69a91d48
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 5.4.198 with commit 386e69e068177ee91cac27f2f0e6ebda1515f5ca
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 5.10.121 with commit d8a5bdc767f17281da648555cdbd286f98fd98ee
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 5.15.46 with commit b3fcf1f583b1a0946d9d9bfb7362c9c186801775
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 5.17.14 with commit 466134df7561aeb801baddf6666b512e0e1a1707
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 5.18.3 with commit 6905be93d1ab54f73718047536fec0ca488d5315
	Issue introduced in 2.6.35 with commit ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 and fixed in 5.19 with commit da63dc84befaa9e6079a0bc363ff0eaa975f9073

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49442
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/base/node.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/39642b0feddb9c39faa6de469a94bfeb4dc0d3a9
	https://git.kernel.org/stable/c/606732650a2c88e66c59c22dd5464ea0d820250e
	https://git.kernel.org/stable/c/f76ddc8fcf6d81fe89bfa4d3efcbc4fe69a91d48
	https://git.kernel.org/stable/c/386e69e068177ee91cac27f2f0e6ebda1515f5ca
	https://git.kernel.org/stable/c/d8a5bdc767f17281da648555cdbd286f98fd98ee
	https://git.kernel.org/stable/c/b3fcf1f583b1a0946d9d9bfb7362c9c186801775
	https://git.kernel.org/stable/c/466134df7561aeb801baddf6666b512e0e1a1707
	https://git.kernel.org/stable/c/6905be93d1ab54f73718047536fec0ca488d5315
	https://git.kernel.org/stable/c/da63dc84befaa9e6079a0bc363ff0eaa975f9073