5.5

CVE-2022-49881

wifi: cfg80211: fix memory leak in query_regdb_file()

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix memory leak in query_regdb_file()

In the function query_regdb_file() the alpha2 parameter is duplicated
using kmemdup() and subsequently freed in regdb_fw_cb(). However,
request_firmware_nowait() can fail without calling regdb_fw_cb() and
thus leak memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.15 < 4.19.267
LinuxLinux Kernel Version >= 4.20 < 5.4.225
LinuxLinux Kernel Version >= 5.5 < 5.10.155
LinuxLinux Kernel Version >= 5.11 < 5.15.79
LinuxLinux Kernel Version >= 5.16 < 6.0.9
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.062
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/219446396786330937bcd382a7bc4ccd767383bc
Patch
https://git.kernel.org/stable/c/0ede1a988299e95d54bd89551fd635980572e920
Patch
https://git.kernel.org/stable/c/e1e12180321f416d83444f2cdc9259e0f5093d35
Patch
https://git.kernel.org/stable/c/38c9fa2cc6bf4b6e1a74057aef8b5cffd23d3264
Patch
https://git.kernel.org/stable/c/e9b5a4566d5bc71cc901be50d1fa24da00613120
Patch
https://git.kernel.org/stable/c/57b962e627ec0ae53d4d16d7bd1033e27e67677a
Patch