CVE-2022-49795

EPSS 0.07%
Veröffentlicht 01.05.2025 14:09:25
Zuletzt bearbeitet 06.11.2025 22:07:31
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

rethook: fix a potential memleak in rethook_alloc()

In the Linux kernel, the following vulnerability has been resolved:

rethook: fix a potential memleak in rethook_alloc()

In rethook_alloc(), the variable rh is not freed or passed out
if handler is NULL, which could lead to a memleak, fix it.

[Masami: Add "rethook:" tag to the title.]

Acke-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 6 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.18 < 6.0.10

Linux ≫ Linux Kernel Version6.1 Updaterc1

Linux ≫ Linux Kernel Version6.1 Updaterc2

Linux ≫ Linux Kernel Version6.1 Updaterc3

Linux ≫ Linux Kernel Version6.1 Updaterc4

Linux ≫ Linux Kernel Version6.1 Updaterc5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.222

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/cbc5d1f9a8cc40ba2bc6779b36d2ea1f65bc027c

Patch

https://git.kernel.org/stable/c/0a1ebe35cb3b7aa1f4b26b37e2a0b9ae68dc4ffb

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49795

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49795

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49795

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-49795