CVE-2022-50283

In the Linux kernel, the following vulnerability has been resolved:

mtd: core: add missing ofnodeget() in dynamic partitions code

This fixes unbalanced ofnodeput(): [ 1.078910] 6 cmdlinepart partitions found on MTD device gpmi-nand [ 1.085116] Creating 6 MTD partitions on "gpmi-nand": [ 1.090181] 0x000000000000-0x000008000000 : "nandboot" [ 1.096952] 0x000008000000-0x000009000000 : "nandfit" [ 1.103547] 0x000009000000-0x00000b000000 : "nandkernel" [ 1.110317] 0x00000b000000-0x00000c000000 : "nanddtb" [ 1.115525] ------------[ cut here ]------------ [ 1.120141] refcountt: addition on 0; use-after-free. [ 1.125328] WARNING: CPU: 0 PID: 1 at lib/refcount.c:25 refcountwarnsaturate+0xdc/0x148 [ 1.133528] Modules linked in: [ 1.136589] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc7-next-20220930-04543-g8cf3f7 [ 1.146342] Hardware name: Freescale i.MX8DXL DDR3L EVK (DT) [ 1.151999] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1.158965] pc : refcountwarnsaturate+0xdc/0x148 [ 1.163760] lr : refcountwarnsaturate+0xdc/0x148 [ 1.168556] sp : ffff800009ddb080 [ 1.171866] x29: ffff800009ddb080 x28: ffff800009ddb35a x27: 0000000000000002 [ 1.179015] x26: ffff8000098b06ad x25: ffffffffffffffff x24: ffff0a00ffffff05 [ 1.186165] x23: ffff00001fdf6470 x22: ffff800009ddb367 x21: 0000000000000000 [ 1.193314] x20: ffff00001fdfebe8 x19: ffff00001fdfec50 x18: ffffffffffffffff [ 1.200464] x17: 0000000000000000 x16: 0000000000000118 x15: 0000000000000004 [ 1.207614] x14: 0000000000000fff x13: ffff800009bca248 x12: 0000000000000003 [ 1.214764] x11: 00000000ffffefff x10: c0000000ffffefff x9 : 4762cb2ccb52de00 [ 1.221914] x8 : 4762cb2ccb52de00 x7 : 205d313431303231 x6 : 312e31202020205b [ 1.229063] x5 : ffff800009d55c1f x4 : 0000000000000001 x3 : 0000000000000000 [ 1.236213] x2 : 0000000000000000 x1 : ffff800009954be6 x0 : 000000000000002a [ 1.243365] Call trace: [ 1.245806] refcountwarnsaturate+0xdc/0x148 [ 1.250253] kobjectget+0x98/0x9c [ 1.253658] ofnodeget+0x20/0x34 [ 1.257072] offwnodeget+0x3c/0x54 [ 1.260652] fwnodegetnthparent+0xd8/0xf4 [ 1.264926] fwnodefullnamestring+0x3c/0xb4 [ 1.269373] devicenodestring+0x498/0x5b4 [ 1.273561] pointer+0x41c/0x5d0 [ 1.276793] vsnprintf+0x4d8/0x694 [ 1.280198] vprintkstore+0x164/0x528 [ 1.283951] vprintkemit+0x98/0x164 [ 1.287530] vprintkdefault+0x44/0x6c [ 1.291284] vprintk+0xf0/0x134 [ 1.294428] _printk+0x54/0x7c [ 1.297486] ofnoderelease+0xe8/0x128 [ 1.301326] kobjectput+0x98/0xfc [ 1.304732] ofnodeput+0x1c/0x28 [ 1.308137] addmtddevice+0x484/0x6d4 [ 1.311977] addmtdpartitions+0xf0/0x1d0 [ 1.316078] parsemtdpartitions+0x45c/0x518 [ 1.320439] mtddeviceparseregister+0xb0/0x274 [ 1.325147] gpminandprobe+0x51c/0x650 [ 1.329074] platformprobe+0xa8/0xd0 [ 1.332740] reallyprobe+0x130/0x334 [ 1.336406] _driverprobedevice+0xb4/0xe0 [ 1.340681] driverprobedevice+0x3c/0x1f8 [ 1.344869] _driverattach+0xdc/0x1a4 [ 1.348708] busforeachdev+0x80/0xcc [ 1.352548] driverattach+0x24/0x30 [ 1.356127] busadddriver+0x108/0x1f4 [ 1.359967] driverregister+0x78/0x114 [ 1.363807] _platformdriverregister+0x24/0x30 [ 1.368515] gpminanddriverinit+0x1c/0x28 [ 1.372798] dooneinitcall+0xbc/0x238 [ 1.376638] doinitcalllevel+0x94/0xb4 [ 1.380565] doinitcalls+0x54/0x94 [ 1.384058] dobasicsetup+0x1c/0x28 [ 1.387724] kernelinitfreeable+0x110/0x188 [ 1.392084] kernelinit+0x20/0x1a0 [ 1.395578] retfrom_fork+0x10/0x20 [ 1.399157] ---[ end trace 0000000000000000 ]--- [ 1.403782] ------------[ cut here ]------------