5.5
CVE-2022-48706
- EPSS 0.21%
- Veröffentlicht 21.05.2024 16:15:12
- Zuletzt bearbeitet 03.02.2025 16:12:16
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
vdpa: ifcvf: Do proper cleanup if IFCVF init fails
In the Linux kernel, the following vulnerability has been resolved: vdpa: ifcvf: Do proper cleanup if IFCVF init fails ifcvf_mgmt_dev leaks memory if it is not freed before returning. Call is made to correct return statement so memory does not leak. ifcvf_init_hw does not take care of this so it is needed to do it here.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 6.1.13
Linux ≫ Linux Kernel Version6.2 Updaterc1
Linux ≫ Linux Kernel Version6.2 Updaterc2
Linux ≫ Linux Kernel Version6.2 Updaterc3
Linux ≫ Linux Kernel Version6.2 Updaterc4
Linux ≫ Linux Kernel Version6.2 Updaterc5
Linux ≫ Linux Kernel Version6.2 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.107 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e
https://git.kernel.org/stable/c/6b04456e248761cf68f562f2fd7c04e591fcac94