CVE-2022-49657

In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0085da9df3dced730027923a6b48f58e9016af91	Patch
https://git.kernel.org/stable/c/04894ab34faf40ab72a8a5ab5b404bb0606bbbff	Patch
https://git.kernel.org/stable/c/3eed421ca5c809da93456f69203d164d5220be3d	Patch
https://git.kernel.org/stable/c/5269209f54dd8dfd15f9383f3a3a1fe8370764f8	Patch
https://git.kernel.org/stable/c/b55a21b764c1e182014630fa5486d717484ac58f	Patch
https://git.kernel.org/stable/c/d5165e657987ff4ba0ace896d4376a3718a9fbc3	Patch
https://git.kernel.org/stable/c/db89582ff330556188da856e01382ccbf3a5e706	Patch
https://git.kernel.org/stable/c/e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc5::::::

History

11 Mar 2025, 22:25

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0085da9df3dced730027923a6b48f58e9016af91 -~~	() https://git.kernel.org/stable/c/0085da9df3dced730027923a6b48f58e9016af91 - Patch
References	~~() https://git.kernel.org/stable/c/04894ab34faf40ab72a8a5ab5b404bb0606bbbff -~~	() https://git.kernel.org/stable/c/04894ab34faf40ab72a8a5ab5b404bb0606bbbff - Patch
References	~~() https://git.kernel.org/stable/c/3eed421ca5c809da93456f69203d164d5220be3d -~~	() https://git.kernel.org/stable/c/3eed421ca5c809da93456f69203d164d5220be3d - Patch
References	~~() https://git.kernel.org/stable/c/5269209f54dd8dfd15f9383f3a3a1fe8370764f8 -~~	() https://git.kernel.org/stable/c/5269209f54dd8dfd15f9383f3a3a1fe8370764f8 - Patch
References	~~() https://git.kernel.org/stable/c/b55a21b764c1e182014630fa5486d717484ac58f -~~	() https://git.kernel.org/stable/c/b55a21b764c1e182014630fa5486d717484ac58f - Patch
References	~~() https://git.kernel.org/stable/c/d5165e657987ff4ba0ace896d4376a3718a9fbc3 -~~	() https://git.kernel.org/stable/c/d5165e657987ff4ba0ace896d4376a3718a9fbc3 - Patch
References	~~() https://git.kernel.org/stable/c/db89582ff330556188da856e01382ccbf3a5e706 -~~	() https://git.kernel.org/stable/c/db89582ff330556188da856e01382ccbf3a5e706 - Patch
References	~~() https://git.kernel.org/stable/c/e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b -~~	() https://git.kernel.org/stable/c/e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b - Patch
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:5.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: se corrige la pérdida de memoria en caso de error. usbnet_write_cmd_async() confundía qué búferes se debían liberar en qué caso de error. v2: se agregó la etiqueta Fixes. v3: se corrige el puntero de buf no inicializado.
CWE		CWE-401

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-11 22:25

NVD link : CVE-2022-49657

Mitre link : CVE-2022-49657

CVE.ORG link : CVE-2022-49657

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10