Description
In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and dereferences light->channels, which is NULL. Allocate channels first and only then publish channels_count so the cleanup path can't walk a NULL pointer.
Product status
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before a118724d7641b832fa14323e2733e28ae4834552
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before 3cbe694d235d96f628ec7dc6ae4d8bdddb768699
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before ba5022162da63059bae36c4fd84d7031f582c71f
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before 65f2c608096d766540953d9b170d216aa3b5eb95
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before 01b91cb3e748032fd96bbe0043812b426a52f091
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before 06162d85f830582da6e9e5fcf9c9504d6da9ae0b
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before da46264a7016034a5bbbad034c012ef218b7d0af
2870b52bae4c81823ffcb3ed2b0626fb39d64f48 (git) before efcffd9a6ad8d190651498d5eda53bfc7cf683a7
4.9
Any version before 4.9
5.10.252 (semver)
5.15.202 (semver)
6.1.165 (semver)
6.6.128 (semver)
6.12.75 (semver)
6.18.14 (semver)
6.19.4 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/a118724d7641b832fa14323e2733e28ae4834552
git.kernel.org/...c/3cbe694d235d96f628ec7dc6ae4d8bdddb768699
git.kernel.org/...c/ba5022162da63059bae36c4fd84d7031f582c71f
git.kernel.org/...c/65f2c608096d766540953d9b170d216aa3b5eb95
git.kernel.org/...c/01b91cb3e748032fd96bbe0043812b426a52f091
git.kernel.org/...c/06162d85f830582da6e9e5fcf9c9504d6da9ae0b
git.kernel.org/...c/da46264a7016034a5bbbad034c012ef218b7d0af
git.kernel.org/...c/efcffd9a6ad8d190651498d5eda53bfc7cf683a7