Description
In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_get_display_timings() of_parse_phandle() returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 192 jump to 'entryfail', native_mode's refcount is not decremented, causing a refcount leak. Fix this by changing the goto target from 'entryfail' to 'timingfail', which properly calls of_node_put(native_mode) before cleanup.
Product status
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before 20881ad42e651c69d89eb38a2042838187900fd6
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before b5bdcc5afbff845834d04d651773cb6b47db5dd3
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before 2b22e4fe1273c24f405ed7903349c4bbd82b6368
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before 3ed019654234edb8625c05d05e15d40f74e64f70
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before d6f34bbff07476c6abb8672c89d217824871c5ed
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before 69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before c5734f9030a8b1e13868d1641b5163d8e659306e
cc3f414cf2e404130584b63d373161ba6fd24bc2 (git) before eacf9840ae1285a1ef47eb0ce16d786e542bd4d7
3.9
Any version before 3.9
5.10.252 (semver)
5.15.202 (semver)
6.1.165 (semver)
6.6.128 (semver)
6.12.75 (semver)
6.18.16 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/20881ad42e651c69d89eb38a2042838187900fd6
git.kernel.org/...c/b5bdcc5afbff845834d04d651773cb6b47db5dd3
git.kernel.org/...c/2b22e4fe1273c24f405ed7903349c4bbd82b6368
git.kernel.org/...c/3ed019654234edb8625c05d05e15d40f74e64f70
git.kernel.org/...c/d6f34bbff07476c6abb8672c89d217824871c5ed
git.kernel.org/...c/69290f2d3999c5fa1a7f5d5593cfc5461fa3ee64
git.kernel.org/...c/c5734f9030a8b1e13868d1641b5163d8e659306e
git.kernel.org/...c/eacf9840ae1285a1ef47eb0ce16d786e542bd4d7