CVE-2022-49959

ovsdpcmdnew()->ovsdpchange()->ovsdpsetupcallportids() allocates array via kmalloc. If for some reason newvport() fails during ovsdpcmdnew() dp->upcallportids must be freed. Add missing kfree.

Kmemleak example: unreferenced object 0xffff88800c382500 (size 64): comm "dumpstate", pid 323, jiffies 4294955418 (age 104.347s) hex dump (first 32 bytes): 5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff ^.y..z8..!8..... 03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00 ............(... backtrace: [<0000000071bebc9f>] ovsdpsetupcallportids+0x38/0xa0 [<000000000187d8bd>] ovsdpchange+0x63/0xe0 [<000000002397e446>] ovsdpcmdnew+0x1f0/0x380 [<00000000aa06f36e>] genlfamilyrcvmsgdoit+0xea/0x150 [<000000008f583bc4>] genlrcvmsg+0xdc/0x1e0 [<00000000fa10e377>] netlinkrcvskb+0x50/0x100 [<000000004959cece>] genlrcv+0x24/0x40 [<000000004699ac7f>] netlinkunicast+0x23e/0x360 [<00000000c153573e>] netlinksendmsg+0x24e/0x4b0 [<000000006f4aa380>] socksendmsg+0x62/0x70 [<00000000d0068654>] _syssendmsg+0x230/0x270 [<0000000012dacf7d>] syssendmsg+0x88/0xd0 [<0000000011776020>] _syssendmsg+0x59/0xa0 [<000000002e8f2dc1>] dosyscall64+0x3b/0x90 [<000000003243e7cb>] entrySYSCALL64afterhwframe+0x63/0xcd

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b83d23a2a38b1770da0491257ae81d52307f7816

Fixed

ca54b2bfaab385778e55a9fd33f6c31e7f743b48

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b83d23a2a38b1770da0491257ae81d52307f7816

Fixed

c0c1c0241917459644326a1a3102207c871ae159

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b83d23a2a38b1770da0491257ae81d52307f7816

Fixed

a87406f4adee9c53b311d8a1ba2849c69e29a6d0

Affected versions

v5.*

v5.14

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.19.1

v5.19.2

v5.19.3

v5.19.4

v5.19.5

v5.19.6

v5.19.7

v6.*

v6.0-rc1

v6.0-rc2

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

5.15.66

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.19.8