5.5
CVE-2022-50404
- EPSS 0.15%
- Veröffentlicht 18.09.2025 16:15:43
- Zuletzt bearbeitet 17.03.2026 16:37:01
- CVE-Watchlists
- Unerledigt
fbdev: fbcon: release buffer when fbcon_do_set_font() failed
In the Linux kernel, the following vulnerability has been resolved:
fbdev: fbcon: release buffer when fbcon_do_set_font() failed
syzbot is reporting memory leak at fbcon_do_set_font() [1], for
commit a5a923038d70 ("fbdev: fbcon: Properly revert changes when
vc_resize() failed") missed that the buffer might be newly allocated
by fbcon_set_font().Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15.64 < 5.15.86
Linux ≫ Linux Kernel Version >= 5.19.6 < 6.0
Linux ≫ Linux Kernel Version >= 6.0.1 < 6.0.16
Linux ≫ Linux Kernel Version >= 6.1 < 6.1.2
Linux ≫ Linux Kernel Version6.0 Update-
Linux ≫ Linux Kernel Version6.0 Updaterc3
Linux ≫ Linux Kernel Version6.0 Updaterc4
Linux ≫ Linux Kernel Version6.0 Updaterc5
Linux ≫ Linux Kernel Version6.0 Updaterc6
Linux ≫ Linux Kernel Version6.0 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.045 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/06926607b9fddf7ce8017493899ce6eb7e79a123
https://git.kernel.org/stable/c/3c3bfb8586f848317ceba5d777e11204ba3e5758
https://git.kernel.org/stable/c/88ec6d11052da527eb9268831e7a9bc5bbad02f6
https://git.kernel.org/stable/c/a609bfc1e644a8467cb31945ed1488374ebdc013
https://git.kernel.org/stable/c/5a341810a22e51c3a7a108f7896b5fd58d44d127