5.5

CVE-2022-50513

staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()

In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated
in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly
released. Besides, considering there are only two error paths and the
first one can directly return, so we do not need implicitly jump to the
`exit` tag to execute the error handler.

So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error
path to release the resource and simplified the return logic of
rtw_init_cmd_priv(). As there is no proper device to test with, no runtime
testing was performed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.12 < 5.4.220
LinuxLinux Kernel Version >= 5.5 < 5.10.150
LinuxLinux Kernel Version >= 5.11 < 5.15.75
LinuxLinux Kernel Version >= 5.16 < 5.19.17
LinuxLinux Kernel Version >= 6.0 < 6.0.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.043
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/e5d8f05edb36fc4ab15beec62cb6ab62f5a60fe2
Patch
https://git.kernel.org/stable/c/e6cc39db24a63f68314473621020ed8cad7be423
Patch
https://git.kernel.org/stable/c/39bef9c6a91bbb790d04c1347cfeae584541fb6a
Patch
https://git.kernel.org/stable/c/a5be64ff6d21f7805a91e6d81f53fc19cd9f0fae
Patch
https://git.kernel.org/stable/c/8db6ca84eee0ac258706f3fca54f7c021cb159ef
Patch
https://git.kernel.org/stable/c/708056fba733a73d926772ea4ce9a42d240345da
Patch