Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu()

From: Jürgen Groß
Date: Thu May 01 2025 - 14:19:58 EST

Next message: Sean Christopherson: "[PATCH 1/2] x86/fred: Play nice with invoking asm_fred_entry_from_kvm() on non-FRED hardware"
Previous message: Alan Huang: "Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate"
Next in thread: Greg KH: "Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01.05.25 16:10, Greg Kroah-Hartman wrote:

From: Greg Kroah-Hartman <gregkh@xxxxxxxxxx>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

xen/pcpu: fix possible memory leak in register_pcpu()

In device_add(), dev_set_name() is called to allocate name, if it returns
error, the name need be freed. As comment of device_register() says, it
should use put_device() to give up the reference in the error path. So fix
this by calling put_device(), then the name can be freed in kobject_cleanup().

The Linux kernel CVE team has assigned CVE-2022-49816 to this issue.

Please revoke this CVE.

The issue can in no way be triggered by an unprivileged user.

The memory leak could happen only either during boot of dom0, or when
hotplugging a physical CPU to a Xen server.

Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Next message: Sean Christopherson: "[PATCH 1/2] x86/fred: Play nice with invoking asm_fred_entry_from_kvm() on non-FRED hardware"
Previous message: Alan Huang: "Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate"
Next in thread: Greg KH: "Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]