5.5
CVE-2022-49119
- EPSS 0.25%
- Veröffentlicht 26.02.2025 07:00:49
- Zuletzt bearbeitet 01.10.2025 20:15:48
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex allocated must be freed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.10.111
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.34
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.20
Linux ≫ Linux Kernel Version >= 5.17 < 5.17.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.167 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/a25ed5f21f94f9ae4bcc8dd747e978668890c921
https://git.kernel.org/stable/c/d83574666bac4b1462e90df393fbed6c5f57d1a3
https://git.kernel.org/stable/c/e5ecdb01952f230921aa8163d8d7f4c97c925ed8
https://git.kernel.org/stable/c/f792a3629f4c4aa4c3703d66b43ce1edcc3ec09a
https://git.kernel.org/stable/c/fe5b8ea5583b5c3f6f68e06acba50387edf3b5d5