cve/published/2022/CVE-2022-49620.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49620: net: tipc: fix possible refcount leak in tipc_sk_create()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: tipc: fix possible refcount leak in tipc_sk_create()

 Free sk in case tipc_sk_insert() fails.

 The Linux kernel CVE team has assigned CVE-2022-49620 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.9.324 with commit 638fa20b618b2bbcf86da71231624cc82121a036
 	Fixed in 4.14.289 with commit 7bc9e7f70bc57d8f02ffea2a42094281effb15ef
 	Fixed in 4.19.253 with commit ef488669b2652bde5b6ee5a409a5b048a2a50db4
 	Fixed in 5.4.207 with commit 4919d82f7041157a421ca9bf39a78551d5ad8a1b
 	Fixed in 5.10.132 with commit efa78f2ae363428525fb4981bb63c555ee79f3c7
 	Fixed in 5.15.56 with commit 833ecd0eae76eadf81d6d747bb5bc992d1151867
 	Fixed in 5.18.13 with commit 3b2957fc09fe1ac7f07f40dd50dd5f93e3f3a7a2
 	Fixed in 5.19 with commit 00aff3590fc0a73bddd3b743863c14e76fd35c0c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49620
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/tipc/socket.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/638fa20b618b2bbcf86da71231624cc82121a036
 	https://git.kernel.org/stable/c/7bc9e7f70bc57d8f02ffea2a42094281effb15ef
 	https://git.kernel.org/stable/c/ef488669b2652bde5b6ee5a409a5b048a2a50db4
 	https://git.kernel.org/stable/c/4919d82f7041157a421ca9bf39a78551d5ad8a1b
 	https://git.kernel.org/stable/c/efa78f2ae363428525fb4981bb63c555ee79f3c7
 	https://git.kernel.org/stable/c/833ecd0eae76eadf81d6d747bb5bc992d1151867
 	https://git.kernel.org/stable/c/3b2957fc09fe1ac7f07f40dd50dd5f93e3f3a7a2
 	https://git.kernel.org/stable/c/00aff3590fc0a73bddd3b743863c14e76fd35c0c
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49620: net: tipc: fix possible refcount leak in tipc_sk_create()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: tipc: fix possible refcount leak in tipc_sk_create()

	Free sk in case tipc_sk_insert() fails.

	The Linux kernel CVE team has assigned CVE-2022-49620 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.9.324 with commit 638fa20b618b2bbcf86da71231624cc82121a036
	Fixed in 4.14.289 with commit 7bc9e7f70bc57d8f02ffea2a42094281effb15ef
	Fixed in 4.19.253 with commit ef488669b2652bde5b6ee5a409a5b048a2a50db4
	Fixed in 5.4.207 with commit 4919d82f7041157a421ca9bf39a78551d5ad8a1b
	Fixed in 5.10.132 with commit efa78f2ae363428525fb4981bb63c555ee79f3c7
	Fixed in 5.15.56 with commit 833ecd0eae76eadf81d6d747bb5bc992d1151867
	Fixed in 5.18.13 with commit 3b2957fc09fe1ac7f07f40dd50dd5f93e3f3a7a2
	Fixed in 5.19 with commit 00aff3590fc0a73bddd3b743863c14e76fd35c0c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49620
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/tipc/socket.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/638fa20b618b2bbcf86da71231624cc82121a036
	https://git.kernel.org/stable/c/7bc9e7f70bc57d8f02ffea2a42094281effb15ef
	https://git.kernel.org/stable/c/ef488669b2652bde5b6ee5a409a5b048a2a50db4
	https://git.kernel.org/stable/c/4919d82f7041157a421ca9bf39a78551d5ad8a1b
	https://git.kernel.org/stable/c/efa78f2ae363428525fb4981bb63c555ee79f3c7
	https://git.kernel.org/stable/c/833ecd0eae76eadf81d6d747bb5bc992d1151867
	https://git.kernel.org/stable/c/3b2957fc09fe1ac7f07f40dd50dd5f93e3f3a7a2
	https://git.kernel.org/stable/c/00aff3590fc0a73bddd3b743863c14e76fd35c0c