5.5
CVE-2022-49190
- EPSS 0.25%
- Veröffentlicht 26.02.2025 07:00:56
- Zuletzt bearbeitet 03.11.2025 20:15:58
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
kernel/resource: fix kfree() of bootmem memory again
In the Linux kernel, the following vulnerability has been resolved:
kernel/resource: fix kfree() of bootmem memory again
Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem
memory"), we could get a resource allocated during boot via
alloc_resource(). And it's required to release the resource using
free_resource(). Howerver, many people use kfree directly which will
result in kernel BUG. In order to fix this without fixing every call
site, just leak a couple of bytes in such corner case.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.10 < 5.15.33
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.19
Linux ≫ Linux Kernel Version >= 5.17 < 5.17.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.162 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892
https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27
https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56
https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8
https://git.kernel.org/stable/c/3379a60f6bb4afcd9c456e340ac525ae649d3ce7
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html