Description
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: zero out stale pointers `cros_typec_get_switch_handles` allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in `port` become stale. The stale pointers eventually cause use-after-free or double free in later code paths. Zeroing out all pointer fields after freeing to eliminate these stale pointers.
Product status
f28adb41dab4a2795fd959750df57adffd2bb0be (git) before 0ceadb5a3e45f1b81cf54bd496b40a5e50b6bd40
f28adb41dab4a2795fd959750df57adffd2bb0be (git) before b610758bb3e0674644c1255cdafc2f46b7e05ff9
f28adb41dab4a2795fd959750df57adffd2bb0be (git) before 6613f36a2fa5c69e528bccba8b3d831f759dad2f
f28adb41dab4a2795fd959750df57adffd2bb0be (git) before 9a8aadcf0b459c1257b9477fd6402e1d5952ae07
5.9
Any version before 5.9
5.15.86 (semver)
6.0.16 (semver)
6.1.2 (semver)
6.2 (original_commit_for_fix)
References
git.kernel.org/...c/0ceadb5a3e45f1b81cf54bd496b40a5e50b6bd40
git.kernel.org/...c/b610758bb3e0674644c1255cdafc2f46b7e05ff9
git.kernel.org/...c/6613f36a2fa5c69e528bccba8b3d831f759dad2f
git.kernel.org/...c/9a8aadcf0b459c1257b9477fd6402e1d5952ae07
