This is a note to let you know that I've just added the patch titled ima: Fix a potential NULL pointer access in ima_restore_measurement_list to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ima-fix-a-potential-null-pointer-access-in-ima_restore_measurement_list.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 11220db412edae8dba58853238f53258268bdb88 Mon Sep 17 00:00:00 2001 From: Huaxin Lu <luhuaxin1@xxxxxxxxxx> Date: Thu, 3 Nov 2022 00:09:49 +0800 Subject: ima: Fix a potential NULL pointer access in ima_restore_measurement_list From: Huaxin Lu <luhuaxin1@xxxxxxxxxx> commit 11220db412edae8dba58853238f53258268bdb88 upstream. In restore_template_fmt, when kstrdup fails, a non-NULL value will still be returned, which causes a NULL pointer access in template_desc_init_fields. Fixes: c7d09367702e ("ima: support restoring multiple template formats") Cc: stable@xxxxxxxxxx Co-developed-by: Jiaming Li <lijiaming30@xxxxxxxxxx> Signed-off-by: Jiaming Li <lijiaming30@xxxxxxxxxx> Signed-off-by: Huaxin Lu <luhuaxin1@xxxxxxxxxx> Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- security/integrity/ima/ima_template.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -336,8 +336,11 @@ static struct ima_template_desc *restore template_desc->name = ""; template_desc->fmt = kstrdup(template_name, GFP_KERNEL); - if (!template_desc->fmt) + if (!template_desc->fmt) { + kfree(template_desc); + template_desc = NULL; goto out; + } spin_lock(&template_list); list_add_tail_rcu(&template_desc->list, &defined_templates); Patches currently in stable-queue which might be from luhuaxin1@xxxxxxxxxx are queue-5.15/ima-fix-a-potential-null-pointer-access-in-ima_restore_measurement_list.patch