Description
In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi: Add reference counting for Comedi command handling") did not consider the exceptional exit case in do_cmd_ioctl() where runflags is not set. This caused chanlist not to be properly freed by do_become_nonbusy(), as it only frees chanlist when runflags is correctly set. Added a check in do_become_nonbusy() for the case where runflags is not set, to properly free the chanlist memory. [1] BUG: memory leak backtrace (crc 844a0efa): __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline] do_cmd_ioctl.part.0+0x112/0x350 drivers/comedi/comedi_fops.c:1890 do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]
Product status
4e1da516debbe6a573ffa0392e2809d180d0575c (git) before 830c848aba9f047eb6b34288975ebeb8e8621451
4e1da516debbe6a573ffa0392e2809d180d0575c (git) before 29f644f14b89e6c4965e3c89251929e451190a66
6.19
Any version before 6.19
6.19.12 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/830c848aba9f047eb6b34288975ebeb8e8621451
git.kernel.org/...c/29f644f14b89e6c4965e3c89251929e451190a66