cve/published/2023/CVE-2023-52838.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52838: fbdev: imsttfb: fix a resource leak in probe

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 fbdev: imsttfb: fix a resource leak in probe

 I've re-written the error handling but the bug is that if init_imstt()
 fails we need to call iounmap(par->cmap_regs).

 The Linux kernel CVE team has assigned CVE-2023-52838 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19.291 with commit 7f683f286a2196bd4d2da420a3194f5ba0269d8c and fixed in 4.19.299 with commit 382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485
 	Issue introduced in 5.4.251 with commit 815c95d82b79bb32e9aa7c95c6ac7cb1c92612cd and fixed in 5.4.261 with commit 6c66d737b2726ac7784269ddf32a31634f8f269d
 	Issue introduced in 5.10.188 with commit 2bf70b88cc358a437db376826f92c8dcf9c23587 and fixed in 5.10.201 with commit a4dfebec32ec6d420a5506dd56a7834c91be28e4
 	Issue introduced in 5.15.116 with commit ad3de274e065790181f112b9c72a2fb4665ee2fd and fixed in 5.15.139 with commit 8e4b510fe91782522b7ca0ca881b663b5d35e513
 	Issue introduced in 6.1.33 with commit c6c0a9f619584be19726ce7f81c31bc555af401a and fixed in 6.1.63 with commit 7bc7b82fb2191b0d50a80ee4e27030918767dd1d
 	Issue introduced in 6.4 with commit c75f5a55061091030a13fef71b9995b89bc86213 and fixed in 6.5.12 with commit 18d26f9baca7d0d309303e3074a2252b8310884a
 	Issue introduced in 6.4 with commit c75f5a55061091030a13fef71b9995b89bc86213 and fixed in 6.6.2 with commit b346a531159d08c564a312a9eaeea691704f3c00
 	Issue introduced in 6.4 with commit c75f5a55061091030a13fef71b9995b89bc86213 and fixed in 6.7 with commit aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b
 	Issue introduced in 4.14.322 with commit 64c6b84c73f576380fadeec2d30aaeccbc2994c7
 	Issue introduced in 6.3.7 with commit 4c86974fb42281b8041a504d92ab341ad4697325

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52838
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/video/fbdev/imsttfb.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485
 	https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d
 	https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4
 	https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513
 	https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d
 	https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a
 	https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00
 	https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52838: fbdev: imsttfb: fix a resource leak in probe

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	fbdev: imsttfb: fix a resource leak in probe

	I've re-written the error handling but the bug is that if init_imstt()
	fails we need to call iounmap(par->cmap_regs).

	The Linux kernel CVE team has assigned CVE-2023-52838 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19.291 with commit 7f683f286a2196bd4d2da420a3194f5ba0269d8c and fixed in 4.19.299 with commit 382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485
	Issue introduced in 5.4.251 with commit 815c95d82b79bb32e9aa7c95c6ac7cb1c92612cd and fixed in 5.4.261 with commit 6c66d737b2726ac7784269ddf32a31634f8f269d
	Issue introduced in 5.10.188 with commit 2bf70b88cc358a437db376826f92c8dcf9c23587 and fixed in 5.10.201 with commit a4dfebec32ec6d420a5506dd56a7834c91be28e4
	Issue introduced in 5.15.116 with commit ad3de274e065790181f112b9c72a2fb4665ee2fd and fixed in 5.15.139 with commit 8e4b510fe91782522b7ca0ca881b663b5d35e513
	Issue introduced in 6.1.33 with commit c6c0a9f619584be19726ce7f81c31bc555af401a and fixed in 6.1.63 with commit 7bc7b82fb2191b0d50a80ee4e27030918767dd1d
	Issue introduced in 6.4 with commit c75f5a55061091030a13fef71b9995b89bc86213 and fixed in 6.5.12 with commit 18d26f9baca7d0d309303e3074a2252b8310884a
	Issue introduced in 6.4 with commit c75f5a55061091030a13fef71b9995b89bc86213 and fixed in 6.6.2 with commit b346a531159d08c564a312a9eaeea691704f3c00
	Issue introduced in 6.4 with commit c75f5a55061091030a13fef71b9995b89bc86213 and fixed in 6.7 with commit aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b
	Issue introduced in 4.14.322 with commit 64c6b84c73f576380fadeec2d30aaeccbc2994c7
	Issue introduced in 6.3.7 with commit 4c86974fb42281b8041a504d92ab341ad4697325

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52838
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/video/fbdev/imsttfb.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485
	https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d
	https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4
	https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513
	https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d
	https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a
	https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00
	https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b