SB2025091702 - Memory leak in Linux kernel rapidio driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2022-50343)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rio_setup_device() function in drivers/rapidio/rio-scan.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/3b4676f274a6b5d001176f15d0542100bbf4b59a
• https://git.kernel.org/stable/c/440afd7fd9b164fdde6fc9da8c47d3d7f20dcce8
• https://git.kernel.org/stable/c/80fad2e53eaed2b3a2ff596575f65669e13ceda5
• https://git.kernel.org/stable/c/85fbf58b15c09d3a6a03098c1e42ebfe9002f39d
• https://git.kernel.org/stable/c/88fa351b20ca300693a206ccd3c4b0e0647944d8
• https://git.kernel.org/stable/c/c413f65011ff8caffabcde0e1c3ceede48a48d6f
• https://git.kernel.org/stable/c/c482cb0deb57924335103fe592c379a076d867f8
• https://git.kernel.org/stable/c/ec3f04f74f50d0b6bac04d795c93c2b852753a7a
• https://git.kernel.org/stable/c/f9574cd48679926e2a569e1957a5a1bcc8a719ac
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2