Bug 1197646 (CVE-2022-27950)

Summary:	VUL-0: CVE-2022-27950: kernel-source-rt,kernel-source,kernel-source-azure: Memory leak in drivers/hid/hid-elo.c
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Thomas Leroy <thomas.leroy>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED INVALID	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None	CC:	meissner, smash_bz, tiwai
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/327324/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Thomas Leroy 2022-03-29 12:47:50 UTC

rh#2069408

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

Upstream fix commit:
https://github.com/torvalds/linux/commit/817b8b9c5396d2b2d92311b46719aad5d3339dbe

Commit introducing the bug:
https://github.com/torvalds/linux/commit/fbf42729d0e91332e8ce75a1ecce08b8a2dab9c1


References:
https://bugzilla.redhat.com/show_bug.cgi?id=2069408
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27950
https://www.openwall.com/lists/oss-security/2022/03/13/1
https://github.com/torvalds/linux/commit/817b8b9c5396d2b2d92311b46719aad5d3339dbe
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27950
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fbf42729d0e91332e8ce75a1ecce08b8a2dab9c1

Comment 1 Takashi Iwai 2022-03-29 12:54:38 UTC

The buggy patch wasn't backported to any SLE branches, so it affected only stable branch.  And stable branch got 5.16.x update and already moved to 5.17, i.e. already fixed.

Reassigned back to security team.

Comment 2 Thomas Leroy 2022-03-29 13:10:16 UTC

Thanks Takashi for confirming! Closing