cve/published/2024/CVE-2024-40934.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-40934: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()

 Fix a memory leak on logi_dj_recv_send_report() error path.

 The Linux kernel CVE team has assigned CVE-2024-40934 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.4.257 with commit cf48a7ba5c095f76bb9c1951f120fa048442422f and fixed in 5.4.279 with commit 15122dc140d82c51c216535c57b044c4587aae45
 	Issue introduced in 5.10.195 with commit e38a6f12685d8a2189b72078f6254b069ff84650 and fixed in 5.10.221 with commit caa9c9acb93db7ad7b74b157cf101579bac9596d
 	Issue introduced in 5.15.132 with commit 4fb28379b3c735398b252a979c991b340baa6b5b and fixed in 5.15.162 with commit a0503757947f2e46e59c1962326b53b3208c8213
 	Issue introduced in 6.1.53 with commit 6e59609541514d2ed3472f5bc999c55bdb6144ee and fixed in 6.1.95 with commit 789c99a1d7d2c8f6096d75fc2930505840ec9ea0
 	Issue introduced in 6.6 with commit 6f20d3261265885f6a6be4cda49d7019728760e0 and fixed in 6.6.35 with commit f677ca8cfefee2a729ca315f660cd4868abdf8de
 	Issue introduced in 6.6 with commit 6f20d3261265885f6a6be4cda49d7019728760e0 and fixed in 6.9.6 with commit 1df2ead5dfad5f8f92467bd94889392d53100b98
 	Issue introduced in 6.6 with commit 6f20d3261265885f6a6be4cda49d7019728760e0 and fixed in 6.10 with commit ce3af2ee95170b7d9e15fff6e500d67deab1e7b3
 	Issue introduced in 6.4.16 with commit 144becd79c196f02143ca71fc10766bd0cc660a1
 	Issue introduced in 6.5.3 with commit 00ab92481d3a40a5ad323df4c518068f66ce49f1

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-40934
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/hid/hid-logitech-dj.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/15122dc140d82c51c216535c57b044c4587aae45
 	https://git.kernel.org/stable/c/caa9c9acb93db7ad7b74b157cf101579bac9596d
 	https://git.kernel.org/stable/c/a0503757947f2e46e59c1962326b53b3208c8213
 	https://git.kernel.org/stable/c/789c99a1d7d2c8f6096d75fc2930505840ec9ea0
 	https://git.kernel.org/stable/c/f677ca8cfefee2a729ca315f660cd4868abdf8de
 	https://git.kernel.org/stable/c/1df2ead5dfad5f8f92467bd94889392d53100b98
 	https://git.kernel.org/stable/c/ce3af2ee95170b7d9e15fff6e500d67deab1e7b3
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-40934: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()

	Fix a memory leak on logi_dj_recv_send_report() error path.

	The Linux kernel CVE team has assigned CVE-2024-40934 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.4.257 with commit cf48a7ba5c095f76bb9c1951f120fa048442422f and fixed in 5.4.279 with commit 15122dc140d82c51c216535c57b044c4587aae45
	Issue introduced in 5.10.195 with commit e38a6f12685d8a2189b72078f6254b069ff84650 and fixed in 5.10.221 with commit caa9c9acb93db7ad7b74b157cf101579bac9596d
	Issue introduced in 5.15.132 with commit 4fb28379b3c735398b252a979c991b340baa6b5b and fixed in 5.15.162 with commit a0503757947f2e46e59c1962326b53b3208c8213
	Issue introduced in 6.1.53 with commit 6e59609541514d2ed3472f5bc999c55bdb6144ee and fixed in 6.1.95 with commit 789c99a1d7d2c8f6096d75fc2930505840ec9ea0
	Issue introduced in 6.6 with commit 6f20d3261265885f6a6be4cda49d7019728760e0 and fixed in 6.6.35 with commit f677ca8cfefee2a729ca315f660cd4868abdf8de
	Issue introduced in 6.6 with commit 6f20d3261265885f6a6be4cda49d7019728760e0 and fixed in 6.9.6 with commit 1df2ead5dfad5f8f92467bd94889392d53100b98
	Issue introduced in 6.6 with commit 6f20d3261265885f6a6be4cda49d7019728760e0 and fixed in 6.10 with commit ce3af2ee95170b7d9e15fff6e500d67deab1e7b3
	Issue introduced in 6.4.16 with commit 144becd79c196f02143ca71fc10766bd0cc660a1
	Issue introduced in 6.5.3 with commit 00ab92481d3a40a5ad323df4c518068f66ce49f1

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-40934
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/hid/hid-logitech-dj.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/15122dc140d82c51c216535c57b044c4587aae45
	https://git.kernel.org/stable/c/caa9c9acb93db7ad7b74b157cf101579bac9596d
	https://git.kernel.org/stable/c/a0503757947f2e46e59c1962326b53b3208c8213
	https://git.kernel.org/stable/c/789c99a1d7d2c8f6096d75fc2930505840ec9ea0
	https://git.kernel.org/stable/c/f677ca8cfefee2a729ca315f660cd4868abdf8de
	https://git.kernel.org/stable/c/1df2ead5dfad5f8f92467bd94889392d53100b98
	https://git.kernel.org/stable/c/ce3af2ee95170b7d9e15fff6e500d67deab1e7b3