DEBIAN-CVE-2022-50626

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvbusbadapterinit() Syzbot reports a memory leak in "dvbusbadapterinit()". The leak is due to not accounting for and freeing current iteration's adapter->priv in case of an error. Currently if an error occurs, it will exit before incrementing "numadaptersinitalized", which is used as a reference counter to free all adap->priv in "dvbusbadapterexit()". There are multiple error paths that can exit from before incrementing the counter. Including the error handling paths for "dvbusbadapterstreaminit()", "dvbusbadapterdvbinit()" and "dvbusbadapterfrontendinit()" within "dvbusbadapterinit()". This means that in case of an error in any of these functions the current iteration is not accounted for and the current iteration's adap->priv is not freed. Fix this by freeing the current iteration's adap->priv in the "streaminiterr:" label in the error path. The rest of the (accounted for) adap->priv objects are freed in dvbusbadapterexit() as expected using the numadaptersinitalized variable. Syzbot report: BUG: memory leak unreferenced object 0xffff8881172f1a00 (size 512): comm "kworker/0:2", pid 139, jiffies 4294994873 (age 10.960s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff844af012>] dvbusbadapterinit drivers/media/usb/dvb-usb/dvb-usb-init.c:75 [inline] [<ffffffff844af012>] dvbusbinit drivers/media/usb/dvb-usb/dvb-usb-init.c:184 [inline] [<ffffffff844af012>] dvbusbdeviceinit.cold+0x4e5/0x79e drivers/media/usb/dvb-usb/dvb-usb-init.c:308 [<ffffffff830db21d>] dib0700probe+0x8d/0x1b0 drivers/media/usb/dvb-usb/dib0700core.c:883 [<ffffffff82d3fdc7>] usbprobeinterface+0x177/0x370 drivers/usb/core/driver.c:396 [<ffffffff8274ab37>] calldriverprobe drivers/base/dd.c:542 [inline] [<ffffffff8274ab37>] reallyprobe.part.0+0xe7/0x310 drivers/base/dd.c:621 [<ffffffff8274ae6c>] reallyprobe drivers/base/dd.c:583 [inline] [<ffffffff8274ae6c>] _driverprobedevice+0x10c/0x1e0 drivers/base/dd.c:752 [<ffffffff8274af6a>] driverprobedevice+0x2a/0x120 drivers/base/dd.c:782 [<ffffffff8274b786>] _deviceattachdriver+0xf6/0x140 drivers/base/dd.c:899 [<ffffffff82747c87>] busforeachdrv+0xb7/0x100 drivers/base/bus.c:427 [<ffffffff8274b352>] _deviceattach+0x122/0x260 drivers/base/dd.c:970 [<ffffffff827498f6>] busprobedevice+0xc6/0xe0 drivers/base/bus.c:487 [<ffffffff82745cdb>] deviceadd+0x5fb/0xdf0 drivers/base/core.c:3405 [<ffffffff82d3d202>] usbsetconfiguration+0x8f2/0xb80 drivers/usb/core/message.c:2170 [<ffffffff82d4dbfc>] usbgenericdriverprobe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<ffffffff82d3f49c>] usbprobedevice+0x5c/0x140 drivers/usb/core/driver.c:293 [<ffffffff8274ab37>] calldriverprobe drivers/base/dd.c:542 [inline] [<ffffffff8274ab37>] reallyprobe.part.0+0xe7/0x310 drivers/base/dd.c:621 [<ffffffff8274ae6c>] reallyprobe drivers/base/dd.c:583 [inline] [<ffffffff8274ae6c>] _driverprobe_device+0x10c/0x1e0 drivers/base/dd.c:752