5.5

CVE-2022-49284

coresight: syscfg: Fix memleak on registration failure in cscfg_create_device

In the Linux kernel, the following vulnerability has been resolved:

coresight: syscfg: Fix memleak on registration failure in cscfg_create_device

device_register() calls device_initialize(),
according to doc of device_initialize:

    Use put_device() to give up your reference instead of freeing
    * @dev directly once you have called this function.

To prevent potential memleak, use put_device() for error handling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.33
LinuxLinux Kernel Version >= 5.16 < 5.16.19
LinuxLinux Kernel Version >= 5.17 < 5.17.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.157
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/412225b32986d5b11c3c1ad9234c50a3f5c52c76
Patch
https://git.kernel.org/stable/c/a529af1f5a5c096f3e18f0d5a32cfcc3d82df1ec
Patch
https://git.kernel.org/stable/c/c61e2fc87f24cae4701f352fe9ecd4c5c143106c
Patch
https://git.kernel.org/stable/c/cfa5dbcdd7aece76f3415284569f2f384aff0253
Patch