Date: Sun, 13 Mar 2022 20:59:49 +0800 From: Dongliang Mu <mudongliangabcd@...il.com> To: oss-security@...ts.openwall.com Subject: Memory leak in Linux HID-elo driver Hi oss-security, There is one memory leak in Linux HID driver, introduced in v5.13.0. When hid_parse in elo_probe fails, it forgets to call usb_put_dev to decrease the refcount, leading to memory leak in the Linux kernel. This is fixed by 817b8b9c5396  and already backported to Linux stable 5.15 and 5.16. I am not sure how to request one CVE on the CVE request webpage. Any help would be appreciated.  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fbf42729d0e91332e8ce75a1ecce08b8a2dab9c1 -- My best regards to you. No System Is Safe! Dongliang Mu
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.