CVE-2022-50513

Summary

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()

In rtw_init_cmd_priv(), if pcmdpriv->rsp_allocated_buf is allocated in failure, then pcmdpriv->cmd_allocated_buf will be not properly released. Besides, considering there are only two error paths and the first one can directly return, so we do not need implicitly jump to the exit tag to execute the error handler.

So this patch added kfree(pcmdpriv->cmd_allocated_buf); on the error path to release the resource and simplified the return logic of rtw_init_cmd_priv(). As there is no proper device to test with, no runtime testing was performed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux554c0a3abf216c991c5ebddcdb2c08689ecd290b < e5d8f05edb36fc4ab15beec62cb6ab62f5a60fe2affected
LinuxLinux554c0a3abf216c991c5ebddcdb2c08689ecd290b < e6cc39db24a63f68314473621020ed8cad7be423affected
LinuxLinux554c0a3abf216c991c5ebddcdb2c08689ecd290b < 39bef9c6a91bbb790d04c1347cfeae584541fb6aaffected
LinuxLinux554c0a3abf216c991c5ebddcdb2c08689ecd290b < a5be64ff6d21f7805a91e6d81f53fc19cd9f0faeaffected
LinuxLinux554c0a3abf216c991c5ebddcdb2c08689ecd290b < 8db6ca84eee0ac258706f3fca54f7c021cb159efaffected
LinuxLinux554c0a3abf216c991c5ebddcdb2c08689ecd290b < 708056fba733a73d926772ea4ce9a42d240345daaffected
LinuxLinux4.12affected
LinuxLinux0 < 4.12unaffected
LinuxLinux5.4.220 <= 5.4.*unaffected
LinuxLinux5.10.150 <= 5.10.*unaffected
LinuxLinux5.15.75 <= 5.15.*unaffected
LinuxLinux5.19.17 <= 5.19.*unaffected
LinuxLinux6.0.3 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References