CVE-2022-50537

In rpifirmwareprobe(), if mboxrequestchannel() fails, the 'fw' will not be freed through rpifirmwaredelete(), fix this leak by calling kfree() in the error path.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50537.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d537afa08e156a0a72562e625506825c2776fcfa

Fixed

62ac943eb2a9d655e431b9bc98ff6d7bd51a0e49

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

60831f5ae6c713afceb6d29f40899ed112f36059

Fixed

d34742245e4366579f9a80f8cfe4a63248e838e0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1e7c57355a3bc617fc220234889e49fe722a6305

Fixed

b308fdedef095aac14569f810d46edf773ea7d1e

Fixed

6757dd2193fe18c5c5fe3050e7f2ff9dcbd1ff34

Fixed

71d2abab374f707ab8ac8dcef191fd2b3b67b8bd

Fixed

7b51161696e803fd5f9ad55b20a64c2df313f95c

Affected versions

v5.*

v5.10.100

v5.10.101

v5.10.102

v5.10.103

v5.10.104

v5.10.105

v5.10.106

v5.10.107

v5.10.108

v5.10.109

v5.10.110

v5.10.111

v5.10.112

v5.10.113

v5.10.114

v5.10.115

v5.10.116

v5.10.117

v5.10.118

v5.10.119

v5.10.120

v5.10.121

v5.10.122

v5.10.123

v5.10.124

v5.10.125

v5.10.126

v5.10.127

v5.10.128

v5.10.129

v5.10.130

v5.10.131

v5.10.132

v5.10.133

v5.10.134

v5.10.135

v5.10.136

v5.10.137

v5.10.138

v5.10.139

v5.10.140

v5.10.141

v5.10.142

v5.10.143

v5.10.144

v5.10.145

v5.10.146

v5.10.147

v5.10.148

v5.10.149

v5.10.150

v5.10.151

v5.10.152

v5.10.153

v5.10.154

v5.10.155

v5.10.156

v5.10.157

v5.10.158

v5.10.159

v5.10.160

v5.10.161

v5.10.162

v5.10.65

v5.10.66

v5.10.67

v5.10.68

v5.10.69

v5.10.70

v5.10.71

v5.10.72

v5.10.73

v5.10.74

v5.10.75

v5.10.76

v5.10.77

v5.10.78

v5.10.79

v5.10.80

v5.10.81

v5.10.82

v5.10.83

v5.10.84

v5.10.85

v5.10.86

v5.10.87

v5.10.88

v5.10.89

v5.10.90

v5.10.91

v5.10.92

v5.10.93

v5.10.94

v5.10.95

v5.10.96

v5.10.97

v5.10.98

v5.10.99

v5.12

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.13

v6.0.14

v6.0.15

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50537.json"

vanir_signatures

[
    {
        "digest": {
            "function_hash": "131824708089709176576082255981448375779",
            "length": 655.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@62ac943eb2a9d655e431b9bc98ff6d7bd51a0e49",
        "target": {
            "file": "drivers/firmware/raspberrypi.c",
            "function": "rpi_firmware_probe"
        },
        "signature_version": "v1",
        "id": "CVE-2022-50537-2432a20b",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "digest": {
            "line_hashes": [
                "62691643164025771325490651810754980558",
                "200844372558731855346073595725975431074",
                "23844262791124469114648334482110596905",
                "44744282010357296623631038075772806517"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@62ac943eb2a9d655e431b9bc98ff6d7bd51a0e49",
        "target": {
            "file": "drivers/firmware/raspberrypi.c"
        },
        "signature_version": "v1",
        "id": "CVE-2022-50537-545badbf",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "digest": {
            "line_hashes": [
                "62691643164025771325490651810754980558",
                "200844372558731855346073595725975431074",
                "23844262791124469114648334482110596905",
                "44744282010357296623631038075772806517"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6757dd2193fe18c5c5fe3050e7f2ff9dcbd1ff34",
        "target": {
            "file": "drivers/firmware/raspberrypi.c"
        },
        "signature_version": "v1",
        "id": "CVE-2022-50537-6b1c48db",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "131824708089709176576082255981448375779",
            "length": 655.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6757dd2193fe18c5c5fe3050e7f2ff9dcbd1ff34",
        "target": {
            "file": "drivers/firmware/raspberrypi.c",
            "function": "rpi_firmware_probe"
        },
        "signature_version": "v1",
        "id": "CVE-2022-50537-91f3c89a",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "131824708089709176576082255981448375779",
            "length": 655.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b51161696e803fd5f9ad55b20a64c2df313f95c",
        "target": {
            "file": "drivers/firmware/raspberrypi.c",
            "function": "rpi_firmware_probe"
        },
        "signature_version": "v1",
        "id": "CVE-2022-50537-9bdaf1bb",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "digest": {
            "line_hashes": [
                "62691643164025771325490651810754980558",
                "200844372558731855346073595725975431074",
                "23844262791124469114648334482110596905",
                "44744282010357296623631038075772806517"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b51161696e803fd5f9ad55b20a64c2df313f95c",
        "target": {
            "file": "drivers/firmware/raspberrypi.c"
        },
        "signature_version": "v1",
        "id": "CVE-2022-50537-dca809a0",
        "signature_type": "Line",
        "deprecated": false
    }
]