CVE-2022-49729

Similar to the handling of playdeferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in playdeferred"), we thought a patch might be needed here as well.

Currently usbsubmiturb is called directly to submit deferred tx urbs after unanchor them.

So the usbgivebackurbbh would failed to unref it in usbunanchor_urb and cause memory leak.

Put those urbs in tx_anchor to avoid the leak, and also fix the error handling.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49729.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f26e30cc6b50ba81e30ca3016c29ad4b48b93eaa

Fixed

1eb0afecfb9cd0f38424b82bd9aaa542310934ee

Fixed

f21f908347712b8288ffe83b531b5e977042b29c

Fixed

3e7c7df6991ac349f2fa8540047757df666e610f

Fixed

6b4d8b44e7163a77fe942f5b80e1651c1b78c537

Fixed

0eeec1a8b0cd38c47edeb042980a6aeacecf35ed

Fixed

6616872cfe7f0474a22dd1f12699f95bcf81a54d

Fixed

3eadc560c1919b8193d17334145dad9a917960e4

Fixed

8a4d480702b71184fabcf379b80bf7539716752e

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49729.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.14.0

Fixed

4.9.320

Type: ECOSYSTEM
Events: Introduced

4.10.0

Fixed

4.14.285

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.249

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.200

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.124

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.49

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.18.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49729.json"