CVE-2022-48957

EPSS 0.02%
Veröffentlicht 21.10.2024 20:15:07
Zuletzt bearbeitet 24.10.2024 14:41:15
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()

The cmd_buff needs to be freed when error happened in
dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.13 < 5.15.83

Linux ≫ Linux Kernel Version >= 5.16 < 6.0.13

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/4fad22a1281c500f15b172c9d261eff347ca634b

Patch

https://git.kernel.org/stable/c/54d830e24247fa8361b016dd2069362866f45cb6

Patch

https://git.kernel.org/stable/c/785ee7a82297e1512d9061aae91699212ed65796

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48957

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-48957