cve/published/2022/CVE-2022-49724.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49724: tty: goldfish: Fix free_irq() on remove

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 tty: goldfish: Fix free_irq() on remove

 Pass the correct dev_id to free_irq() to fix this splat when the driver
 is unbound:

  WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq
  Trying to free already-free IRQ 65
  Call Trace:
   warn_slowpath_fmt
   free_irq
   goldfish_tty_remove
   platform_remove
   device_remove
   device_release_driver_internal
   device_driver_detach
   unbind_store
   drv_attr_store
   ...

 The Linux kernel CVE team has assigned CVE-2022-49724 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 4.14.285 with commit c4b0b8edccb0cfb15a8cecf4161e0571d3daac64
 	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 4.19.249 with commit c83a1d40dc624070a203eb383ef9fb60eb634136
 	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.4.200 with commit f7183c76d500324b8b5bd0af5e663cfa57b7b836
 	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.10.124 with commit 65ca4db68b6819244df9024aea4be55edf8af1ef
 	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.15.49 with commit fb15e79cacddfbc62264e6e807bde50ad688e988
 	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.18.6 with commit a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8
 	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.19 with commit 499e13aac6c762e1e828172b0f0f5275651d6512

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49724
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/tty/goldfish.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64
 	https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136
 	https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836
 	https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef
 	https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988
 	https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8
 	https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49724: tty: goldfish: Fix free_irq() on remove

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	tty: goldfish: Fix free_irq() on remove

	Pass the correct dev_id to free_irq() to fix this splat when the driver
	is unbound:

	WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq
	Trying to free already-free IRQ 65
	Call Trace:
	warn_slowpath_fmt
	free_irq
	goldfish_tty_remove
	platform_remove
	device_remove
	device_release_driver_internal
	device_driver_detach
	unbind_store
	drv_attr_store
	...

	The Linux kernel CVE team has assigned CVE-2022-49724 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 4.14.285 with commit c4b0b8edccb0cfb15a8cecf4161e0571d3daac64
	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 4.19.249 with commit c83a1d40dc624070a203eb383ef9fb60eb634136
	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.4.200 with commit f7183c76d500324b8b5bd0af5e663cfa57b7b836
	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.10.124 with commit 65ca4db68b6819244df9024aea4be55edf8af1ef
	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.15.49 with commit fb15e79cacddfbc62264e6e807bde50ad688e988
	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.18.6 with commit a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8
	Issue introduced in 4.6 with commit 465893e18878e119d8d0255439fad8debbd646fd and fixed in 5.19 with commit 499e13aac6c762e1e828172b0f0f5275651d6512

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49724
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/tty/goldfish.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64
	https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136
	https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836
	https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef
	https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988
	https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8
	https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512