cve/published/2022/CVE-2022-49514.mbox

From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2022-49514: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe

Call of_node_put(platform_node) to avoid refcount leak in
the error path.

The Linux kernel CVE team has assigned CVE-2022-49514 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 4.9.318 with commit 0a1901f34f775b83ea4b8dbb5ed992147b9b8531
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 4.14.283 with commit 1e932aba3c7628c9f880ee9c2cfcc2ae3ba0c01e
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 4.19.247 with commit cc43b9fdca519c5b13be6a717bacbebccd628cf6
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 5.4.198 with commit 23f340ed906c758cec6527376768e3bc1474ac30
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 5.10.121 with commit fb66e0512e5ccc093070e21cf88cce8d98c181b5
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 5.15.46 with commit 48889eb3cce91d7f58e02bc07277b7f724b7a54a
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 5.17.14 with commit ebd5cb4f1f3f10b839e7575219e0f17b60c23113
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 5.18.3 with commit 98d5afe868df998b0244f4c229ab758b4083684a
	Issue introduced in 4.2 with commit 94319ba10ecabc8f28129566d1f5793e3e7a0a79 and fixed in 5.19 with commit 4f4e0454e226de3bf4efd7e7924d1edc571c52d5

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49514
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	sound/soc/mediatek/mt8173/mt8173-max98090.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/0a1901f34f775b83ea4b8dbb5ed992147b9b8531
	https://git.kernel.org/stable/c/1e932aba3c7628c9f880ee9c2cfcc2ae3ba0c01e
	https://git.kernel.org/stable/c/cc43b9fdca519c5b13be6a717bacbebccd628cf6
	https://git.kernel.org/stable/c/23f340ed906c758cec6527376768e3bc1474ac30
	https://git.kernel.org/stable/c/fb66e0512e5ccc093070e21cf88cce8d98c181b5
	https://git.kernel.org/stable/c/48889eb3cce91d7f58e02bc07277b7f724b7a54a
	https://git.kernel.org/stable/c/ebd5cb4f1f3f10b839e7575219e0f17b60c23113
	https://git.kernel.org/stable/c/98d5afe868df998b0244f4c229ab758b4083684a
	https://git.kernel.org/stable/c/4f4e0454e226de3bf4efd7e7924d1edc571c52d5