CVE-2022-50669

Summary

In the Linux kernel, the following vulnerability has been resolved:

misc: ocxl: fix possible name leak in ocxl_file_register_afu()

If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and info is freed in info_release().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux75ca758adbafc81804c39b2c200ecdc819a6c042 < 0cd05062371a49774e8a45258bdedf0bd6d3d327affected
LinuxLinux75ca758adbafc81804c39b2c200ecdc819a6c042 < 7525741cb302a1672b8c3a5edb2a08e4229b5c7caffected
LinuxLinux75ca758adbafc81804c39b2c200ecdc819a6c042 < 3299983a6bf628249ac650908e62d12de959341eaffected
LinuxLinux75ca758adbafc81804c39b2c200ecdc819a6c042 < 557b7de055d1e230ddb6664c29d26917b8db9143affected
LinuxLinux75ca758adbafc81804c39b2c200ecdc819a6c042 < 2fce8b3583d1641a1716486f408478b58e96ec91affected
LinuxLinux75ca758adbafc81804c39b2c200ecdc819a6c042 < a4cb1004aeed2ab893a058fad00a5b41a12c4691affected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References