CVE-2022-49284

In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfg_create_device device_register() calls device_initialize(), according to doc of device_initialize: Use put_device() to give up your reference instead of freeing * @dev directly once you have called this function. To prevent potential memleak, use put_device() for error handling.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/412225b32986d5b11c3c1ad9234c50a3f5c52c76	Patch
https://git.kernel.org/stable/c/a529af1f5a5c096f3e18f0d5a32cfcc3d82df1ec	Patch
https://git.kernel.org/stable/c/c61e2fc87f24cae4701f352fe9ecd4c5c143106c	Patch
https://git.kernel.org/stable/c/cfa5dbcdd7aece76f3415284569f2f384aff0253	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

14 Apr 2025, 20:07

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-401
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: coresight: syscfg: Se corrige la fuga de memoria en caso de error de registro en cscfg_create_device device_register() llama a device_initialize(), según la documentación de device_initialize: Use put_device() para entregar su referencia en lugar de liberar * @dev directamente una vez que haya llamado a esta función. Para evitar una posible fuga de memoria, use put_device() para la gestión de errores.
References	~~() https://git.kernel.org/stable/c/412225b32986d5b11c3c1ad9234c50a3f5c52c76 -~~	() https://git.kernel.org/stable/c/412225b32986d5b11c3c1ad9234c50a3f5c52c76 - Patch
References	~~() https://git.kernel.org/stable/c/a529af1f5a5c096f3e18f0d5a32cfcc3d82df1ec -~~	() https://git.kernel.org/stable/c/a529af1f5a5c096f3e18f0d5a32cfcc3d82df1ec - Patch
References	~~() https://git.kernel.org/stable/c/c61e2fc87f24cae4701f352fe9ecd4c5c143106c -~~	() https://git.kernel.org/stable/c/c61e2fc87f24cae4701f352fe9ecd4c5c143106c - Patch
References	~~() https://git.kernel.org/stable/c/cfa5dbcdd7aece76f3415284569f2f384aff0253 -~~	() https://git.kernel.org/stable/c/cfa5dbcdd7aece76f3415284569f2f384aff0253 - Patch

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-04-14 20:07

NVD link : CVE-2022-49284

Mitre link : CVE-2022-49284

CVE.ORG link : CVE-2022-49284

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10