Bug 1197646 – VUL-0: CVE-2022-27950: kernel-source-rt,kernel-source,kernel-source-azure: Memory leak in drivers/hid/hid-elo.c

Bug 1197646 - (CVE-2022-27950) VUL-0: CVE-2022-27950: kernel-source-rt,kernel-source,kernel-source-azure: Memory leak in drivers/hid/hid-elo.c

(CVE-2022-27950)
Summary:	VUL-0: CVE-2022-27950: kernel-source-rt,kernel-source,kernel-source-azure: Me...

Status:	RESOLVED INVALID

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/327324/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-03-29 12:47 UTC by Thomas Leroy
Modified:	2022-04-05 07:21 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2022-03-29 12:47:50 UTC

rh#2069408

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

Upstream fix commit:
https://github.com/torvalds/linux/commit/817b8b9c5396d2b2d92311b46719aad5d3339dbe

Commit introducing the bug:
https://github.com/torvalds/linux/commit/fbf42729d0e91332e8ce75a1ecce08b8a2dab9c1


References:
https://bugzilla.redhat.com/show_bug.cgi?id=2069408
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27950
https://www.openwall.com/lists/oss-security/2022/03/13/1
https://github.com/torvalds/linux/commit/817b8b9c5396d2b2d92311b46719aad5d3339dbe
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27950
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fbf42729d0e91332e8ce75a1ecce08b8a2dab9c1

Comment 1 Takashi Iwai 2022-03-29 12:54:38 UTC

The buggy patch wasn't backported to any SLE branches, so it affected only stable branch.  And stable branch got 5.16.x update and already moved to 5.17, i.e. already fixed.

Reassigned back to security team.

Comment 2 Thomas Leroy 2022-03-29 13:10:16 UTC

Thanks Takashi for confirming! Closing