Security tracker / CVE-2022-49196

CVE-2022-49196

powerpc/pseries: Fix use after free in remove_phb_dynamic()

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 2dd9c11b9d4d ("powerpc/pseries: use pci_host_bridge.release_fn()
 carnil> to kfree(phb)"). Vulnerable versions: 3.16.39 4.7.8 4.8-rc5.

Bugs

Status

Branch	Status
upstream	released (5.18-rc1) [fe2640bd7a62f1f7c3f55fbda31084085075bc30]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.13-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.6-upstream-stable	N/A "Fixed before branching point"
6.1-upstream-stable	N/A "Fixed before branching point"
5.10-upstream-stable	needed
sid	released (5.17.3-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	N/A "Fixed before branching point"
5.10-bullseye-security	needed