CVE-2022-50343

Summary

In the Linux kernel, the following vulnerability has been resolved:

rapidio: fix possible name leaks when rio_add_device() fails

Patch series "rapidio: fix three possible memory leaks".

This patchset fixes three name leaks in error handling.

  • patch #1 fixes two name leaks while rio_add_device() fails.
  • patch #2 fixes a name leak while rio_register_mport() fails.

This patch (of 2):

If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up the reference in the error path, so that the name can be freed in kobject_cleanup(), and the 'rdev' can be freed in rio_release_dev().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 3b4676f274a6b5d001176f15d0542100bbf4b59aaffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < c482cb0deb57924335103fe592c379a076d867f8affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 80fad2e53eaed2b3a2ff596575f65669e13ceda5affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 440afd7fd9b164fdde6fc9da8c47d3d7f20dcce8affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 88fa351b20ca300693a206ccd3c4b0e0647944d8affected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < ec3f04f74f50d0b6bac04d795c93c2b852753a7aaffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < c413f65011ff8caffabcde0e1c3ceede48a48d6faffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < 85fbf58b15c09d3a6a03098c1e42ebfe9002f39daffected
LinuxLinux1fa5ae857bb14f6046205171d98506d8112dd74e < f9574cd48679926e2a569e1957a5a1bcc8a719acaffected
LinuxLinux2.6.30affected
LinuxLinux0 < 2.6.30unaffected
LinuxLinux4.9.337 <= 4.9.*unaffected
LinuxLinux4.14.303 <= 4.14.*unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References