CVE-2022-49741

Source
https://cve.org/CVERecord?id=CVE-2022-49741
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49741.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49741
Published
2025-03-27T16:42:52.994Z
Modified
2026-03-20T11:47:11.425564Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
fbdev: smscufx: fix error handling code in ufx_usb_probe
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: fix error handling code in ufx_usb_probe

The current error handling code in ufx_usb_probe has many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release, fb_dealloc_cmap only matches fb_alloc_cmap.

My local syzkaller reports a memory leak bug:

memory leak in ufx_usb_probe

BUG: memory leak
unreferenced object 0xffff88802f879580 (size 128):
  comm "kworker/0:7", pid 17416, jiffies 4295067474 (age 46.710s)
  hex dump (first 32 bytes):
    80 21 7c 2e 80 88 ff ff 18 d0 d0 0c 80 88 ff ff  .!|.............
    00 d0 d0 0c 80 88 ff ff e0 ff ff ff 0f 00 00 00  ................
  backtrace:
    [<ffffffff814c99a0>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045
    [<ffffffff824d219c>] kmalloc include/linux/slab.h:553 [inline]
    [<ffffffff824d219c>] kzalloc include/linux/slab.h:689 [inline]
    [<ffffffff824d219c>] ufx_alloc_urb_list drivers/video/fbdev/smscufx.c:1873 [inline]
    [<ffffffff824d219c>] ufx_usb_probe+0x11c/0x15a0 drivers/video/fbdev/smscufx.c:1655
    [<ffffffff82d17927>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<ffffffff82712f0d>] call_driver_probe drivers/base/dd.c:560 [inline]
    [<ffffffff82712f0d>] really_probe+0x12d/0x390 drivers/base/dd.c:639
    [<ffffffff8271322f>] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778
    [<ffffffff827132da>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:808
    [<ffffffff82713c27>] __device_attach_driver+0xf7/0x150 drivers/base/dd.c:936
    [<ffffffff82710137>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
    [<ffffffff827136b5>] __device_attach+0x105/0x2d0 drivers/base/dd.c:1008
    [<ffffffff82711d36>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
    [<ffffffff8270e242>] device_add+0x642/0xdc0 drivers/base/core.c:3517
    [<ffffffff82d14d5f>] usb_set_configuration+0x8ef/0xb80 drivers/usb/core/message.c:2170
    [<ffffffff82d2576c>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<ffffffff82d16ffc>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<ffffffff82712f0d>] call_driver_probe drivers/base/dd.c:560 [inline]
    [<ffffffff82712f0d>] really_probe+0x12d/0x390 drivers/base/dd.c:639
    [<ffffffff8271322f>] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778

Fix this bug by rewriting the error handling code in ufx_usb_probe.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49741.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5385af2f89bc352fb70753ab41b2bb036190141f
Fixed
3b3d3127f5b4291ae4caaf50f7b66089ad600480
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d9ddfeb01fb95ffbbc7031d46a5ee2a5e45cbb86
Fixed
3931014367ef31d26af65386a4ca496f50f0cfdf
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cc6a7249842fceda7574ceb63275a2d5e99d2862
Fixed
64fa364ad3245508d393e16ed4886f92d7eb423c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cc67482c9e5f2c80d62f623bcc347c29f9f648e1
Fixed
1b4c08844628dfc8d72d3f51b657f2a5e63b7b4b
Fixed
b76449ee75e21acfe9fa4c653d8598f191ed7d68
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6f2075ea883e5d7730d0c9ebb1bb8e7a1a7e953f
Last affected
3f40852d671072836fb7ae331a1f28a24223c4e8
Last affected
70faf9d9b6cc74418716bbf76fe75bd2da10ad4a
Last affected
8d924b262f3178a9b17c17d4306a9f426c508bd9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49741.json"