5.5

CVE-2022-50352

net: hns: fix possible memory leak in hnae_ae_register()

In the Linux kernel, the following vulnerability has been resolved:

net: hns: fix possible memory leak in hnae_ae_register()

Inject fault while probing module, if device_register() fails,
but the refcount of kobject is not decreased to 0, the name
allocated in dev_set_name() is leaked. Fix this by calling
put_device(), so that name can be freed in callback function
kobject_cleanup().

unreferenced object 0xffff00c01aba2100 (size 128):
  comm "systemd-udevd", pid 1259, jiffies 4294903284 (age 294.152s)
  hex dump (first 32 bytes):
    68 6e 61 65 30 00 00 00 18 21 ba 1a c0 00 ff ff  hnae0....!......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000034783f26>] slab_post_alloc_hook+0xa0/0x3e0
    [<00000000748188f2>] __kmem_cache_alloc_node+0x164/0x2b0
    [<00000000ab0743e8>] __kmalloc_node_track_caller+0x6c/0x390
    [<000000006c0ffb13>] kvasprintf+0x8c/0x118
    [<00000000fa27bfe1>] kvasprintf_const+0x60/0xc8
    [<0000000083e10ed7>] kobject_set_name_vargs+0x3c/0xc0
    [<000000000b87affc>] dev_set_name+0x7c/0xa0
    [<000000003fd8fe26>] hnae_ae_register+0xcc/0x190 [hnae]
    [<00000000fe97edc9>] hns_dsaf_ae_init+0x9c/0x108 [hns_dsaf]
    [<00000000c36ff1eb>] hns_dsaf_probe+0x548/0x748 [hns_dsaf]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4 < 4.9.332
LinuxLinux Kernel Version >= 4.10 < 4.14.298
LinuxLinux Kernel Version >= 4.15 < 4.19.264
LinuxLinux Kernel Version >= 4.20 < 5.4.221
LinuxLinux Kernel Version >= 5.5 < 5.10.152
LinuxLinux Kernel Version >= 5.11 < 5.15.76
LinuxLinux Kernel Version >= 5.16 < 6.0.6
LinuxLinux Kernel Version6.1 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.043
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/a3c148955c22fe1d94d7a2096005679c1f22eddf
Patch
https://git.kernel.org/stable/c/3b78453cca046d3b03853f0d077ad3ad130db886
Patch
https://git.kernel.org/stable/c/7ae1345f6ad715acbcdc9e1ac28153684fd498bb
Patch
https://git.kernel.org/stable/c/dfc0337c6dceb6449403b33ecb141f4a1458a1e9
Patch
https://git.kernel.org/stable/c/2974f3b330ef25f5d34a4948d04290c2cd7802cf
Patch
https://git.kernel.org/stable/c/91f8f5342bee726ed5692583d58f69e7cc9ae60e
Patch
https://git.kernel.org/stable/c/02dc0db19d944b4a90941db505ecf1aaec714be4
Patch
https://git.kernel.org/stable/c/ff2f5ec5d009844ec28f171123f9e58750cef4bf
Patch