References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

mailbox: zynq-ipi: fix error handling while device_register() fails

If device_register() fails, it has two issues:
1. The name allocated by dev_set_name() is leaked.
2. The parent of device is not NULL, device_unregister() is called
   in zynqmp_ipi_free_mboxes(), it will lead a kernel crash because
   of removing not added device.

Call put_device() to give up the reference, so the name is freed in
kobject_cleanup(). Add device registered check in zynqmp_ipi_free_mboxes()
to avoid null-ptr-deref.

https://git.kernel.org/stable/c/3fcf079958c00d83c51e4f250abf2c77fe9cc1b9

https://git.kernel.org/stable/c/4f05d8e2fb3ab702c2633a74571e1b31cb579985

https://git.kernel.org/stable/c/a39b4de0804f9fe0ae911b359ffd4afe7d9d933b

https://git.kernel.org/stable/c/a6792a0cdef0b1c2d77920246283a72537e60e94

https://git.kernel.org/stable/c/b3a5c76f61e2b380e29dfc6705854ca1ee85501d

https://git.kernel.org/stable/c/f2d63cefc012cafe1b7651bbf3302f8bcd8bea4a