5.5
CVE-2022-48768
- EPSS 0.21%
- Veröffentlicht 20.06.2024 12:15:14
- Zuletzt bearbeitet 21.11.2024 07:33:59
- CVE-Watchlists
- Unerledigt
tracing/histogram: Fix a potential memory leak for kstrdup()
In the Linux kernel, the following vulnerability has been resolved: tracing/histogram: Fix a potential memory leak for kstrdup() kfree() is missing on an error path to free the memory allocated by kstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL); So it is better to free it via kfree(p).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.4.19 < 5.4.176
Linux ≫ Linux Kernel Version >= 5.6 < 5.10.96
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.19
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.5
Linux ≫ Linux Kernel Version5.17 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.11 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/8a8878ebb596281f50fc0b9a6e1f23f0d7f154e8
https://git.kernel.org/stable/c/d71b06aa995007eafd247626d0669b9364c42ad7
https://git.kernel.org/stable/c/df86e2fe808c3536a9dba353cc2bebdfea00d0cf
https://git.kernel.org/stable/c/e33fa4a46ee22de88a700e2e3d033da8214a5175
https://git.kernel.org/stable/c/e629e7b525a179e29d53463d992bdee759c950fb