[PATCH 5.15] usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core
From: Miaoqian Lin linmq006@gmail.com
commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
Add the missing platform_device_put() before return from dwc3_qcom_acpi_register_core in the error handling case.
Signed-off-by: Miaoqian Lin linmq006@gmail.com Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org CVE: CVE-2023-22995 Fixes: 2bc02355f8ba ("usb: dwc3: qcom: Add support for booting with ACPI") Signed-off-by: Zheng Yejian zhengyejian1@huawei.com --- drivers/usb/dwc3/dwc3-qcom.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/dwc3-qcom.c b/drivers/usb/dwc3/dwc3-qcom.c index 28bc7480acf3..dfd7873f645b 100644 --- a/drivers/usb/dwc3/dwc3-qcom.c +++ b/drivers/usb/dwc3/dwc3-qcom.c @@ -617,8 +617,10 @@ static int dwc3_qcom_acpi_register_core(struct platform_device *pdev) qcom->dwc3->dev.coherent_dma_mask = dev->coherent_dma_mask;
child_res = kcalloc(2, sizeof(*child_res), GFP_KERNEL); - if (!child_res) + if (!child_res) { + platform_device_put(qcom->dwc3); return -ENOMEM; + }
res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (!res) { @@ -656,9 +658,13 @@ static int dwc3_qcom_acpi_register_core(struct platform_device *pdev) if (ret) { dev_err(&pdev->dev, "failed to add device\n"); device_remove_software_node(&qcom->dwc3->dev); + goto out; } + kfree(child_res); + return 0;
out: + platform_device_put(qcom->dwc3); kfree(child_res); return ret; }
On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
From: Miaoqian Lin linmq006@gmail.com
commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
Add the missing platform_device_put() before return from dwc3_qcom_acpi_register_core in the error handling case.
Signed-off-by: Miaoqian Lin linmq006@gmail.com Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org CVE: CVE-2023-22995
That is a bogus CVE, please go revoke it.
thanks,
greg k-h
On 2023/3/3 23:49, Greg KH wrote:
On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
From: Miaoqian Lin linmq006@gmail.com
commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
Add the missing platform_device_put() before return from dwc3_qcom_acpi_register_core in the error handling case.
Signed-off-by: Miaoqian Lin linmq006@gmail.com Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org CVE: CVE-2023-22995
That is a bogus CVE, please go revoke it.
Agree. I see this CVE and its fixes information from NVD, so try to backport this patch to fix it: Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
Then should I just remove the "CVE: " field and send a v2 patch? Or you mean "revoke" the CVE from NVD? I actually don't know how to do that :(
thanks,
greg k-h
On Mon, Mar 06, 2023 at 09:26:31AM +0800, Zheng Yejian wrote:
On 2023/3/3 23:49, Greg KH wrote:
On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
From: Miaoqian Lin linmq006@gmail.com
commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
Add the missing platform_device_put() before return from dwc3_qcom_acpi_register_core in the error handling case.
Signed-off-by: Miaoqian Lin linmq006@gmail.com Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org CVE: CVE-2023-22995
That is a bogus CVE, please go revoke it.
Agree. I see this CVE and its fixes information from NVD, so try to backport this patch to fix it: Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
Again, this is not a valid bug, the "problem" described can not ever be hit in a real system from what I can tell.
Then should I just remove the "CVE: " field and send a v2 patch? Or you mean "revoke" the CVE from NVD? I actually don't know how to do that :(
If you care about CVEs being "real", yes, please get it revoked from the NVD. There is no need to backport it either from what I can determine.
thanks,
greg k-h
On 2023/3/6 13:49, Greg KH wrote:
On Mon, Mar 06, 2023 at 09:26:31AM +0800, Zheng Yejian wrote:
On 2023/3/3 23:49, Greg KH wrote:
On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
From: Miaoqian Lin linmq006@gmail.com
commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
Add the missing platform_device_put() before return from dwc3_qcom_acpi_register_core in the error handling case.
Signed-off-by: Miaoqian Lin linmq006@gmail.com Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org CVE: CVE-2023-22995
That is a bogus CVE, please go revoke it.
Agree. I see this CVE and its fixes information from NVD, so try to backport this patch to fix it: Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
Again, this is not a valid bug, the "problem" described can not ever be hit in a real system from what I can tell.
Agreed!
Then should I just remove the "CVE: " field and send a v2 patch? Or you mean "revoke" the CVE from NVD? I actually don't know how to do that :(
If you care about CVEs being "real", yes, please get it revoked from the NVD. There is no need to backport it either from what I can determine.
Thanks for you pationce :)
-- Zheng Yejian
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Zheng Yejian