CVE-2022-49436

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/papr_scm: Fix leaking nvdimm_events_map elements

Right now 'char *' elements allocated for individual 'stat_id' in 'papr_scm_priv.nvdimm_events_map[]' during papr_scm_pmu_check_events(), get leaked in papr_scm_remove() and papr_scm_pmu_register(), papr_scm_pmu_check_events() error paths.

Also individual 'stat_id' aren't NULL terminated 'char *' instead they are fixed 8-byte sized identifiers. However papr_scm_pmu_register() assumes it to be a NULL terminated 'char *' and at other places it assumes it to be a 'papr_scm_perf_stat.stat_id' sized string which is 8-bytes in size.

Fix this by allocating the memory for papr_scm_priv.nvdimm_events_map to also include space for 'stat_id' entries. This is possible since number of available events/stat_ids are known upfront. This saves some memory and one extra level of indirection from 'nvdimm_events_map' to 'stat_id'. Also rest of the code can continue to call 'kfree(papr_scm_priv.nvdimm_events_map)' without needing to iterate over the array and free up individual elements.
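
The two layouts the description contrasts, modelled in userspace C as an added example (this is not the kernel patch or the project's code). `calloc`/`free` stand in for the kernel allocator, and every identifier, the allocation counter and the sample ids are constructed for illustration.

```c
/* Userspace model: calloc/free stand in for kcalloc/kfree.
 * All identifiers are hypothetical, not the kernel's. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define STAT_ID_LEN 8                 /* fixed size, no NUL terminator */
struct stat_id { char b[STAT_ID_LEN]; };
static int live;                      /* outstanding allocations */
static void *xcalloc(size_t n, size_t sz) { void *p = calloc(n, sz); live += (p != NULL); return p; }
static void xfree(void *p) { live -= (p != NULL); free(p); }

/* Leaky layout: pointer array plus one allocation per stat_id. */
static char **build_ptr_map(const struct stat_id *ids, size_t n) {
    char **map = xcalloc(n, sizeof(*map));
    for (size_t i = 0; map && i < n; i++)
        if ((map[i] = xcalloc(1, STAT_ID_LEN)))
            memcpy(map[i], ids[i].b, STAT_ID_LEN);  /* bounded, never strcpy */
    return map;
}

/* Fixed layout: one allocation with the 8-byte ids stored inline. */
static struct stat_id *build_flat_map(const struct stat_id *ids, size_t n) {
    struct stat_id *map = xcalloc(n, sizeof(*map));
    if (map) memcpy(map, ids, n * sizeof(*map));
    return map;
}

/* Allocations still outstanding after a single free of the map. */
static int leaked_after_one_free(int flat) {
    struct stat_id ids[2];
    memcpy(ids, "STAT0001STAT0002", sizeof(ids));   /* constructed sample ids */
    live = 0;
    if (flat) {
        xfree(build_flat_map(ids, 2));
        return live;
    }
    char **map = build_ptr_map(ids, 2);
    if (!map) return -1;
    char *e0 = map[0], *e1 = map[1];
    xfree(map);                       /* the only free the array itself gets */
    int leaked = live;                /* per-id allocations are now unreachable */
    free(e0); free(e1);               /* tidy up so the demo itself is clean */
    return leaked;
}

int main(void) {
    printf("leaked: ptr map %d, flat map %d\n", leaked_after_one_free(0), leaked_after_one_free(1));
    return 0;
}
```

With the flat layout every error and teardown path needs only the one free of the map, which is the property the fix relies on.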

Impact