Bug 1228063 (CVE-2022-48863) - VUL-0: CVE-2022-48863: kernel: mISDN: fix memory leak in dsp_pipeline_build()
Summary: VUL-0: CVE-2022-48863: kernel: mISDN: fix memory leak in dsp_pipeline_build()
Status: NEW
Alias: CVE-2022-48863
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/414281/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-48863:4.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-17 13:07 UTC by SMASH SMASH
Modified: 2024-07-19 08:12 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-07-17 13:07:33 UTC 
In the Linux kernel, the following vulnerability has been resolved:

mISDN: Fix memory leak in dsp_pipeline_build()

dsp_pipeline_build() allocates dup pointer by kstrdup(cfg),
but then it updates dup variable by strsep(&dup, "|").
As a result when it calls kfree(dup), the dup variable contains NULL.

Found by Linux Driver Verification project (linuxtesting.org) with SVACE.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48863
https://www.cve.org/CVERecord?id=CVE-2022-48863
https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f
https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b
https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb
https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2022/CVE-2022-48863.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2298207
Comment 2 Takashi Iwai 2024-07-19 08:12:58 UTC 
The fix backported to SLE12-SP5 and SLE12-SP3-TD branches.