5.5
CVE-2022-49284
- EPSS 0.25%
- Veröffentlicht 26.02.2025 07:01:05
- Zuletzt bearbeitet 01.10.2025 20:16:01
- CVE-Watchlists
- Unerledigt
coresight: syscfg: Fix memleak on registration failure in cscfg_create_device
In the Linux kernel, the following vulnerability has been resolved:
coresight: syscfg: Fix memleak on registration failure in cscfg_create_device
device_register() calls device_initialize(),
according to doc of device_initialize:
Use put_device() to give up your reference instead of freeing
* @dev directly once you have called this function.
To prevent potential memleak, use put_device() for error handling.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 5.15.33
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.19
Linux ≫ Linux Kernel Version >= 5.17 < 5.17.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.157 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/412225b32986d5b11c3c1ad9234c50a3f5c52c76
https://git.kernel.org/stable/c/a529af1f5a5c096f3e18f0d5a32cfcc3d82df1ec
https://git.kernel.org/stable/c/c61e2fc87f24cae4701f352fe9ecd4c5c143106c
https://git.kernel.org/stable/c/cfa5dbcdd7aece76f3415284569f2f384aff0253