In the Linux kernel, the following vulnerability has been resolved:
nfc: nfcmrvl: Fix memory leak in nfcmrvlplaydeferred
Similar to the handling of playdeferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in playdeferred"), we thought a patch might be needed here as well.
Currently usbsubmiturb is called directly to submit deferred tx urbs after unanchor them.
So the usbgivebackurbbh would failed to unref it in usbunanchor_urb and cause memory leak.
Put those urbs in tx_anchor to avoid the leak, and also fix the error handling.
[
{
"id": "CVE-2022-49729-0486aafb",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6b4d8b44e7163a77fe942f5b80e1651c1b78c537",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-17564bf7",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3eadc560c1919b8193d17334145dad9a917960e4",
"signature_type": "Function"
},
{
"id": "CVE-2022-49729-20c6e425",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e7c7df6991ac349f2fa8540047757df666e610f",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-32c05bcd",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8a4d480702b71184fabcf379b80bf7539716752e",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-3841b39a",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1eb0afecfb9cd0f38424b82bd9aaa542310934ee",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-3e217e39",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6616872cfe7f0474a22dd1f12699f95bcf81a54d",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-7ac44ffe",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0eeec1a8b0cd38c47edeb042980a6aeacecf35ed",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-9563ff34",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f21f908347712b8288ffe83b531b5e977042b29c",
"signature_type": "Function"
},
{
"id": "CVE-2022-49729-9732a7b6",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3eadc560c1919b8193d17334145dad9a917960e4",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-bd517099",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8a4d480702b71184fabcf379b80bf7539716752e",
"signature_type": "Function"
},
{
"id": "CVE-2022-49729-c5eded68",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e7c7df6991ac349f2fa8540047757df666e610f",
"signature_type": "Function"
},
{
"id": "CVE-2022-49729-ca25016b",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1eb0afecfb9cd0f38424b82bd9aaa542310934ee",
"signature_type": "Function"
},
{
"id": "CVE-2022-49729-ccdbcca5",
"target": {
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"148329720295779092598634432893818145907",
"128075975477656762139238736300248223243",
"162914999473546378759252678479796945892",
"41846442086675446482135079665318478539",
"109195698345761283375445293248676600285",
"169912116166596335664466102856535577814",
"308528840150933670496898583366408327080",
"253414808872178311235537491142852238580",
"11464721102113455494109901665992514929",
"94867456332740241735788381086245797562"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f21f908347712b8288ffe83b531b5e977042b29c",
"signature_type": "Line"
},
{
"id": "CVE-2022-49729-ee93859a",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6b4d8b44e7163a77fe942f5b80e1651c1b78c537",
"signature_type": "Function"
},
{
"id": "CVE-2022-49729-f0fa5a40",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6616872cfe7f0474a22dd1f12699f95bcf81a54d",
"signature_type": "Function"
},
{
"id": "CVE-2022-49729-f33ace1d",
"target": {
"function": "nfcmrvl_play_deferred",
"file": "drivers/nfc/nfcmrvl/usb.c"
},
"signature_version": "v1",
"digest": {
"length": 245.0,
"function_hash": "92727862021074893872927773193139168750"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0eeec1a8b0cd38c47edeb042980a6aeacecf35ed",
"signature_type": "Function"
}
]