5.5

CVE-2022-50537

firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()

In the Linux kernel, the following vulnerability has been resolved:

firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()

In rpi_firmware_probe(), if mbox_request_channel() fails, the 'fw' will
not be freed through rpi_firmware_delete(), fix this leak by calling
kfree() in the error path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.65 < 5.10.163
LinuxLinux Kernel Version >= 5.13 < 5.15.86
LinuxLinux Kernel Version >= 5.16 < 6.0.16
LinuxLinux Kernel Version >= 6.1 < 6.1.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.042
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/62ac943eb2a9d655e431b9bc98ff6d7bd51a0e49
Patch
https://git.kernel.org/stable/c/d34742245e4366579f9a80f8cfe4a63248e838e0
Patch
https://git.kernel.org/stable/c/b308fdedef095aac14569f810d46edf773ea7d1e
Patch
https://git.kernel.org/stable/c/6757dd2193fe18c5c5fe3050e7f2ff9dcbd1ff34
Patch
https://git.kernel.org/stable/c/71d2abab374f707ab8ac8dcef191fd2b3b67b8bd
Patch
https://git.kernel.org/stable/c/7b51161696e803fd5f9ad55b20a64c2df313f95c
Patch