CVE-2022-49741

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fbdev: smscufx: fix error handling code in ufx_usb_probe<br /> <br /> The current error handling code in ufx_usb_probe have many unmatching<br /> issues, e.g., missing ufx_free_usb_list, destroy_modedb label should<br /> only include framebuffer_release, fb_dealloc_cmap only matches<br /> fb_alloc_cmap.<br /> <br /> My local syzkaller reports a memory leak bug:<br /> <br /> memory leak in ufx_usb_probe<br /> <br /> BUG: memory leak<br /> unreferenced object 0xffff88802f879580 (size 128):<br /> comm "kworker/0:7", pid 17416, jiffies 4295067474 (age 46.710s)<br /> hex dump (first 32 bytes):<br /> 80 21 7c 2e 80 88 ff ff 18 d0 d0 0c 80 88 ff ff .!|.............<br /> 00 d0 d0 0c 80 88 ff ff e0 ff ff ff 0f 00 00 00 ................<br /> backtrace:<br /> [] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045<br /> [] kmalloc include/linux/slab.h:553 [inline]<br /> [] kzalloc include/linux/slab.h:689 [inline]<br /> [] ufx_alloc_urb_list drivers/video/fbdev/smscufx.c:1873 [inline]<br /> [] ufx_usb_probe+0x11c/0x15a0 drivers/video/fbdev/smscufx.c:1655<br /> [] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396<br /> [] call_driver_probe drivers/base/dd.c:560 [inline]<br /> [] really_probe+0x12d/0x390 drivers/base/dd.c:639<br /> [] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778<br /> [] driver_probe_device+0x2a/0x120 drivers/base/dd.c:808<br /> [] __device_attach_driver+0xf7/0x150 drivers/base/dd.c:936<br /> [] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427<br /> [] __device_attach+0x105/0x2d0 drivers/base/dd.c:1008<br /> [] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487<br /> [] device_add+0x642/0xdc0 drivers/base/core.c:3517<br /> [] usb_set_configuration+0x8ef/0xb80 drivers/usb/core/message.c:2170<br /> [] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238<br /> [] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293<br /> [] call_driver_probe drivers/base/dd.c:560 [inline]<br /> [] really_probe+0x12d/0x390 drivers/base/dd.c:639<br /> [] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778<br /> <br /> Fix this bug by rewriting the error handling code in ufx_usb_probe.