cve/published/2022/CVE-2022-49447.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49447: ARM: hisi: Add missing of_node_put after of_find_compatible_node

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ARM: hisi: Add missing of_node_put after of_find_compatible_node

 of_find_compatible_node  will increment the refcount of the returned
 device_node. Calling of_node_put() to avoid the refcount leak

 The Linux kernel CVE team has assigned CVE-2022-49447 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.9.318 with commit 46cb7868811d025c3d29c10d18b3422db1cf20d5
 	Fixed in 4.14.283 with commit f8da78b2bae1f54746647a2bb44f8bd6025c57af
 	Fixed in 4.19.247 with commit dd4be8ecfb41a29e7c4e551b4e866157ce4a3429
 	Fixed in 5.4.198 with commit e109058165137ef42841abd989f080adfefa14fa
 	Fixed in 5.10.121 with commit 21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d
 	Fixed in 5.15.46 with commit a3265a9440030068547a20dfee646666f3ca5278
 	Fixed in 5.17.14 with commit cafaaae4bb9ce84a2791fa29bf6907a9466c3883
 	Fixed in 5.18.3 with commit 45d211668d33c49d73f5213e8c2b58468108647c
 	Fixed in 5.19 with commit 9bc72e47d4630d58a840a66a869c56b29554cfe4

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49447
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	arch/arm/mach-hisi/platsmp.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/46cb7868811d025c3d29c10d18b3422db1cf20d5
 	https://git.kernel.org/stable/c/f8da78b2bae1f54746647a2bb44f8bd6025c57af
 	https://git.kernel.org/stable/c/dd4be8ecfb41a29e7c4e551b4e866157ce4a3429
 	https://git.kernel.org/stable/c/e109058165137ef42841abd989f080adfefa14fa
 	https://git.kernel.org/stable/c/21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d
 	https://git.kernel.org/stable/c/a3265a9440030068547a20dfee646666f3ca5278
 	https://git.kernel.org/stable/c/cafaaae4bb9ce84a2791fa29bf6907a9466c3883
 	https://git.kernel.org/stable/c/45d211668d33c49d73f5213e8c2b58468108647c
 	https://git.kernel.org/stable/c/9bc72e47d4630d58a840a66a869c56b29554cfe4
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49447: ARM: hisi: Add missing of_node_put after of_find_compatible_node

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ARM: hisi: Add missing of_node_put after of_find_compatible_node

	of_find_compatible_node will increment the refcount of the returned
	device_node. Calling of_node_put() to avoid the refcount leak

	The Linux kernel CVE team has assigned CVE-2022-49447 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.9.318 with commit 46cb7868811d025c3d29c10d18b3422db1cf20d5
	Fixed in 4.14.283 with commit f8da78b2bae1f54746647a2bb44f8bd6025c57af
	Fixed in 4.19.247 with commit dd4be8ecfb41a29e7c4e551b4e866157ce4a3429
	Fixed in 5.4.198 with commit e109058165137ef42841abd989f080adfefa14fa
	Fixed in 5.10.121 with commit 21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d
	Fixed in 5.15.46 with commit a3265a9440030068547a20dfee646666f3ca5278
	Fixed in 5.17.14 with commit cafaaae4bb9ce84a2791fa29bf6907a9466c3883
	Fixed in 5.18.3 with commit 45d211668d33c49d73f5213e8c2b58468108647c
	Fixed in 5.19 with commit 9bc72e47d4630d58a840a66a869c56b29554cfe4

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49447
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	arch/arm/mach-hisi/platsmp.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/46cb7868811d025c3d29c10d18b3422db1cf20d5
	https://git.kernel.org/stable/c/f8da78b2bae1f54746647a2bb44f8bd6025c57af
	https://git.kernel.org/stable/c/dd4be8ecfb41a29e7c4e551b4e866157ce4a3429
	https://git.kernel.org/stable/c/e109058165137ef42841abd989f080adfefa14fa
	https://git.kernel.org/stable/c/21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d
	https://git.kernel.org/stable/c/a3265a9440030068547a20dfee646666f3ca5278
	https://git.kernel.org/stable/c/cafaaae4bb9ce84a2791fa29bf6907a9466c3883
	https://git.kernel.org/stable/c/45d211668d33c49d73f5213e8c2b58468108647c
	https://git.kernel.org/stable/c/9bc72e47d4630d58a840a66a869c56b29554cfe4