CVE-2022-49436 Information
Description
In the Linux kernel the following vulnerability has been resolved:
powerpc/papr_scm: Fix leaking nvdimm_events_map elements
Right now 'char *' elements allocated for individual 'stat_id' in 'papr_scm_priv.nvdimm_events_map[]' during papr_scm_pmu_check_events() get leaked in papr_scm_remove() and papr_scm_pmu_register() papr_scm_pmu_check_events() error paths.
Also individual 'stat_id' aren't NULL-terminated 'char *'; instead they are fixed 8-byte sized identifiers. However papr_scm_pmu_register() assumes it to be a NULL-terminated 'char *' and at other places it assumes it to be a 'papr_scm_perf_stat.stat_id' sized string which is 8 bytes in size.
Fix this by allocating the memory for papr_scm_priv.nvdimm_events_map to also include space for 'stat_id' entries. This is possible since the number of available events/stat_ids is known upfront. This saves some memory and one extra level of indirection from 'nvdimm_events_map' to 'stat_id'. Also the rest of the code can continue to call 'kfree(papr_scm_priv.nvdimm_events_map)' without needing to iterate over the array and free up individual elements.
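The allocation layout the commit message describes, as an added userspace illustration. This is not the kernel's code and does not claim to reproduce the upstream fix byte for byte: the struct names perf_stat and nvdimm_priv, the function names, and the sample stat_id values are stand-ins constructed for this example. What it shows is the two points the fix makes: ids are 8-byte fields without a terminator, so they must be copied and compared with bounded operations, and placing the id copies in the same block as the pointer array means one free() releases everything, so no error path can leak individual elements.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STAT_ID_LEN 8   /* ids are fixed 8-byte fields, not NUL-terminated in the table */

/* Stand-in for papr_scm_perf_stat (hypothetical layout, not the kernel's). */
struct perf_stat {
    char stat_id[STAT_ID_LEN];
    uint64_t stat_val;
};

/* Stand-in for the events-map part of papr_scm_priv (hypothetical). */
struct nvdimm_priv {
    unsigned int nr_events;
    char **nvdimm_events_map;   /* NULL-terminated array of NUL-terminated id copies */
};

/*
 * One block: [n+1 char* slots][n slots of STAT_ID_LEN+1 bytes].
 * Every pointer aims into the tail of the same allocation, so a single
 * free() releases the ids too and no error path can leak an element.
 */
static int events_map_create(struct nvdimm_priv *priv,
                             const struct perf_stat *stats, unsigned int n)
{
    size_t ptrs_sz = (size_t)(n + 1) * sizeof(char *);
    size_t slot_sz = STAT_ID_LEN + 1;           /* +1: the terminator callers expect */
    char **map = calloc(1, ptrs_sz + (size_t)n * slot_sz);
    char *strings;
    unsigned int i;

    if (!map)
        return -1;
    strings = (char *)map + ptrs_sz;
    for (i = 0; i < n; i++) {
        map[i] = strings + (size_t)i * slot_sz;
        /* Bounded copy: stat_id has no terminator, so never strcpy/strdup it. */
        memcpy(map[i], stats[i].stat_id, STAT_ID_LEN);   /* calloc supplied the NUL */
    }
    map[n] = NULL;
    priv->nr_events = n;
    priv->nvdimm_events_map = map;
    return 0;
}

/* The pointer array and every id copy go away together. */
static void events_map_destroy(struct nvdimm_priv *priv)
{
    free(priv->nvdimm_events_map);
    priv->nvdimm_events_map = NULL;
    priv->nr_events = 0;
}

/* Compare against a raw 8-byte id with a bounded compare, never strcmp. */
static int events_map_find(const struct nvdimm_priv *priv,
                           const char stat_id[STAT_ID_LEN])
{
    unsigned int i;

    for (i = 0; i < priv->nr_events; i++)
        if (memcmp(priv->nvdimm_events_map[i], stat_id, STAT_ID_LEN) == 0)
            return (int)i;
    return -1;
}

/* Constructed sample table: each id is exactly 8 bytes, space padded, no NUL. */
static const struct perf_stat sample_stats[] = {
    { "SampleA0", 42 },
    { "Smpl B  ", 97 },
    { "SampleC2", 3 },
};
#define NR_SAMPLE (sizeof(sample_stats) / sizeof(sample_stats[0]))

/* Full lifecycle: build, look up an 8-byte id, tear down. Returns index or -1. */
static int demo_lookup(const char id[STAT_ID_LEN])
{
    struct nvdimm_priv priv;
    int idx;

    if (events_map_create(&priv, sample_stats, NR_SAMPLE) != 0)
        return -1;
    idx = events_map_find(&priv, id);
    events_map_destroy(&priv);
    return idx;
}

/* strlen() of entry `which`: STAT_ID_LEN, proving the copy is terminated. */
static size_t demo_entry_len(unsigned int which)
{
    struct nvdimm_priv priv;
    size_t len;

    if (which >= NR_SAMPLE || events_map_create(&priv, sample_stats, NR_SAMPLE) != 0)
        return 0;
    len = strlen(priv.nvdimm_events_map[which]);
    events_map_destroy(&priv);
    return len;
}

int main(void)
{
    struct nvdimm_priv priv;
    char **p;

    if (events_map_create(&priv, sample_stats, NR_SAMPLE) != 0)
        return 1;
    for (p = priv.nvdimm_events_map; *p; p++)
        printf("event '%s'\n", *p);
    events_map_destroy(&priv);   /* one free; ASan/valgrind report no leak */
    return 0;
}
```

Building with -fsanitize=address (or running under valgrind) is the quick check for the leak half of the bug: with per-element allocations and a single free of the array, the sanitizer reports one leaked block per id; with the flat layout above it reports nothing. The memcmp/memcpy bounds are the check for the other half, since strlen or strdup on an unterminated 8-byte field reads past it.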
Reference
https://git.kernel.org/stable/c/0e0946e22f3665d27325d389ff45ade6e93f3678
https://git.kernel.org/stable/c/b073096df4dec70d0436321b7093bad27ae91f9e