5.5

CVE-2022-49119

scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()

In pm8001_chip_fw_flash_update_build(), if
pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex
allocated must be freed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.10.111
LinuxLinux Kernel Version >= 5.11 < 5.15.34
LinuxLinux Kernel Version >= 5.16 < 5.16.20
LinuxLinux Kernel Version >= 5.17 < 5.17.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.167
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/a25ed5f21f94f9ae4bcc8dd747e978668890c921
Patch
https://git.kernel.org/stable/c/d83574666bac4b1462e90df393fbed6c5f57d1a3
Patch
https://git.kernel.org/stable/c/e5ecdb01952f230921aa8163d8d7f4c97c925ed8
Patch
https://git.kernel.org/stable/c/f792a3629f4c4aa4c3703d66b43ce1edcc3ec09a
Patch
https://git.kernel.org/stable/c/fe5b8ea5583b5c3f6f68e06acba50387edf3b5d5
Patch