5.5

CVE-2022-49923

nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()

In the Linux kernel, the following vulnerability has been resolved:

nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()

nxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when
nxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write()
run succeeds, the skb will not be freed in nxp_nci_i2c_write(). As the
result, the skb will memleak. nxp_nci_send() should also free the skb
when nxp_nci_i2c_write() succeeds.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.1 < 5.10.154
LinuxLinux Kernel Version >= 5.11 < 5.15.78
LinuxLinux Kernel Version >= 5.16 < 6.0.8
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.049
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/9ae2c9a91ff068f4c3e392f47e8e26a1c9f85ebb
Patch
https://git.kernel.org/stable/c/3cba1f061bfe23fece2841129ca2862cdec29d5c
Patch
https://git.kernel.org/stable/c/3ecf0f4227029b2c42e036b10ff6e5d09e20821e
Patch
https://git.kernel.org/stable/c/7bf1ed6aff0f70434bd0cdd45495e83f1dffb551
Patch