CVE-2022-50278

Summary

In the Linux kernel, the following vulnerability has been resolved:

PNP: fix name memory leak in pnp_alloc_dev()

After commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, move dev_set_name() after pnp_add_id() to avoid memory leak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < ea77b4b761cd75e5456f677311babfa0418f289aaffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 693a0c13c1f0c0fcaa1e38cb806cc0789bd415aaaffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < bbcf772216aa237036cc3ae3158288d0a95aaf4daffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 81b024df4755e6bb6993b786584eca6eabbb9791affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < dac87e295cddc8ab316cff14ab2071b5221d84faaffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < c12b314bb23dc0c83e03402cc84574700947e3b2affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 1f50c7497a5f89de0c31f2edf086af41ff834320affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 290dd73b943c95c006df973257076ff163adf4d0affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 110d7b0325c55ff3620073ba4201845f59e22ebfaffected
LinuxLinux2.6.30affected
LinuxLinux0 < 2.6.30unaffected
LinuxLinux4.9.337 <= 4.9.*unaffected
LinuxLinux4.14.303 <= 4.14.*unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References