| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Feb 2024 09:14:35 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: gregkh@...nel.org Subject: CVE-2021-46985: ACPI: scan: Fix a memory leak in an error handling path From: gregkh@...nel.org Description =========== In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpi_device_set_name()' fails, we must free 'acpi_device_bus_id->bus_id' or there is a (potential) memory leak. The Linux kernel CVE team has assigned CVE-2021-46985 to this issue. Affected and fixed versions =========================== Issue introduced in 4.9.264 with commit e5cdbe419004 and fixed in 4.9.269 with commit 6901a4f795e0 Issue introduced in 4.14.228 with commit 717d9d88fbd9 and fixed in 4.14.233 with commit 5ab9857dde7c Issue introduced in 4.19.184 with commit 7385e438e1f3 and fixed in 4.19.191 with commit 69cc821e89ce Issue introduced in 5.4.109 with commit bc0b1a2036dd and fixed in 5.4.120 with commit dafd4c0b5e83 Issue introduced in 5.10.27 with commit 4a5891992c68 and fixed in 5.10.38 with commit e2381174daea Issue introduced in 5.11.11 with commit 321dbe6c0b55 and fixed in 5.11.22 with commit c5c8f6ffc942 Issue introduced in 5.12 with commit eb50aaf960e3 and fixed in 5.12.5 with commit a7e17a8d421a Issue introduced in 5.12 with commit eb50aaf960e3 and fixed in 5.13 with commit 0c8bd174f0fc Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-46985 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/acpi/scan.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6901a4f795e0e8d65ae779cb37fc22e0bf294712 https://git.kernel.org/stable/c/5ab9857dde7c3ea3faef6b128d718cf8ba98721b https://git.kernel.org/stable/c/69cc821e89ce572884548ac54c4f80eec7a837a5 https://git.kernel.org/stable/c/dafd4c0b5e835db020cff11c74b4af9493a58e72 https://git.kernel.org/stable/c/e2381174daeae0ca35eddffef02dcc8de8c1ef8a https://git.kernel.org/stable/c/c5c8f6ffc942cf42f990f22e35bcf4cbe9d8c2fb https://git.kernel.org/stable/c/a7e17a8d421ae23c920240625b4413c7b94d94a4 https://git.kernel.org/stable/c/0c8bd174f0fc131bc9dfab35cd8784f59045da87
Powered by blists - more mailing lists