CVE-2022-50734

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: Fix memleak in nvmem_register()

dev_set_name will alloc memory for nvmem->dev.kobj.name in nvmem_register, when nvmem_validate_keepouts failed, nvmem's memory will be freed and return, but nobody will free memory for nvmem->dev.kobj.name, there will be memleak, so moving nvmem_validate_keepouts() after device_register() and let the device core deal with cleaning name in error cases.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxde0534df93474f268486c486ea7e01b44a478026 < 9391cc3a787a58aa224a6440d7f244d780ba2896affected
LinuxLinuxde0534df93474f268486c486ea7e01b44a478026 < 2bd2774df0ce37920b23819a860a66fdbdd90823affected
LinuxLinuxde0534df93474f268486c486ea7e01b44a478026 < b6054b9b239a493672f853b034570cca93ba7a88affected
LinuxLinuxde0534df93474f268486c486ea7e01b44a478026 < bd1244561fa2a4531ded40dbf09c9599084f8b29affected
LinuxLinuxc1d44b93ca9f3ebc26b0de0a7f4b7156702762b6affected
LinuxLinux63c2b13ba0428b8f477e4adb1d40a50eb4493c09affected
LinuxLinux5.13.19 < 5.14affected
LinuxLinux5.14.6 < 5.15affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.75 <= 5.15.*unaffected
LinuxLinux5.19.17 <= 5.19.*unaffected
LinuxLinux6.0.3 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References