Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu()

From: Greg KH
Date: Fri May 02 2025 - 01:36:05 EST

Next message: Viresh Kumar: "Re: [PATCH v3 1/9] opp: add new helper API dev_pm_opp_set_level()"
Previous message: Sung-Chi Li: "Re: [PATCH 3/3] hwmon: (cros_ec) register fans into thermal framework cooling devices"
In reply to: Jürgen Groß: "Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 01, 2025 at 08:19:47PM +0200, Jürgen Groß wrote:
> On 01.05.25 16:10, Greg Kroah-Hartman wrote:
> > From: Greg Kroah-Hartman <gregkh@xxxxxxxxxx>
> >
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > xen/pcpu: fix possible memory leak in register_pcpu()
> >
> > In device_add(), dev_set_name() is called to allocate name, if it returns
> > error, the name need be freed. As comment of device_register() says, it
> > should use put_device() to give up the reference in the error path. So fix
> > this by calling put_device(), then the name can be freed in kobject_cleanup().
> >
> > The Linux kernel CVE team has assigned CVE-2022-49816 to this issue.
>
> Please revoke this CVE.
>
> The issue can in no way be triggered by an unprivileged user.
>
> The memory leak could happen only either during boot of dom0, or when
> hotplugging a physical CPU to a Xen server.

Now rejected, thanks.

greg k-h

Next message: Viresh Kumar: "Re: [PATCH v3 1/9] opp: add new helper API dev_pm_opp_set_level()"
Previous message: Sung-Chi Li: "Re: [PATCH 3/3] hwmon: (cros_ec) register fans into thermal framework cooling devices"
In reply to: Jürgen Groß: "Re: CVE-2022-49816: xen/pcpu: fix possible memory leak in register_pcpu()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]