Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure.
CVSS3: 7.1
OS | Vendor version | Errata |
---|---|---|
Ubuntu 18.04 HWE Focal | 5.4.0-87.98~18.04.1 | USN-5091-1 |
Ubuntu 20.04 | 5.4.0-88.99 | USN-5091-1 |
Ubuntu 18.04 AWS Focal | 5.4.0-1057.60~18.04.1 | USN-5091-1 |
Ubuntu 18.04 Azure Focal | 5.4.0-1059.62~18.04.1 | USN-5091-1 |
Ubuntu 20.04 AWS | 5.4.0-1057.60 | USN-5091-1 |
Amazon Linux 2 5.4 | 5.4.141-67.229.amzn2 | ALASKERNEL-5.4-2022-006 |
Amazon Linux 2 5.10 | 5.10.59-52.142.amzn2 | ALASKERNEL-5.10-2022-004 |
OS | Original kernel version | State |
---|---|---|
Ubuntu 18.04 HWE Focal | |
Planned |
Ubuntu 20.04 | |
Planned |
Ubuntu 18.04 AWS Focal | |
Planned |
Ubuntu 18.04 Azure Focal | |
Planned |
Ubuntu 20.04 AWS | |
Planned |
Amazon Linux 2 5.4 | |
Planned |
Amazon Linux 2 5.10 | |
Planned |