5.5

CVE-2022-48768

tracing/histogram: Fix a potential memory leak for kstrdup()

In the Linux kernel, the following vulnerability has been resolved:

tracing/histogram: Fix a potential memory leak for kstrdup()

kfree() is missing on an error path to free the memory allocated by
kstrdup():

  p = param = kstrdup(data->params[i], GFP_KERNEL);

So it is better to free it via kfree(p).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.19 < 5.4.176
LinuxLinux Kernel Version >= 5.6 < 5.10.96
LinuxLinux Kernel Version >= 5.11 < 5.15.19
LinuxLinux Kernel Version >= 5.16 < 5.16.5
LinuxLinux Kernel Version5.17 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.11
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/8a8878ebb596281f50fc0b9a6e1f23f0d7f154e8
Patch
https://git.kernel.org/stable/c/d71b06aa995007eafd247626d0669b9364c42ad7
Patch
https://git.kernel.org/stable/c/df86e2fe808c3536a9dba353cc2bebdfea00d0cf
Patch
https://git.kernel.org/stable/c/e33fa4a46ee22de88a700e2e3d033da8214a5175
Patch
https://git.kernel.org/stable/c/e629e7b525a179e29d53463d992bdee759c950fb
Patch