CVE-2022-49671

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ib_cm_insert_listen cm_alloc_id_priv() allocates resource for the cm_id_priv. When cm_init_listen() fails it doesn't free it, leading to memory leak. Add the missing error unwind.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2990f223ffa7bb25422956b9f79f9176a5b38346	Patch
https://git.kernel.org/stable/c/2febf09a8a8ae4accf908f043f1bab1421056568	Patch
https://git.kernel.org/stable/c/889000874c1204e47c7f2a4945db262a47e7efc9	Patch
https://git.kernel.org/stable/c/b0cab8b517aeaf2592c3479294f934209c41a26f	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc4::::::

History

11 Mar 2025, 22:27

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/cm: Se corrige la pérdida de memoria en ib_cm_insert_listen cm_alloc_id_priv() asigna recursos para cm_id_priv. Cuando cm_init_listen() falla, no lo libera, lo que provoca una pérdida de memoria. Agregue el desenrollado de error faltante.
CWE		CWE-401
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:5.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::
References	~~() https://git.kernel.org/stable/c/2990f223ffa7bb25422956b9f79f9176a5b38346 -~~	() https://git.kernel.org/stable/c/2990f223ffa7bb25422956b9f79f9176a5b38346 - Patch
References	~~() https://git.kernel.org/stable/c/2febf09a8a8ae4accf908f043f1bab1421056568 -~~	() https://git.kernel.org/stable/c/2febf09a8a8ae4accf908f043f1bab1421056568 - Patch
References	~~() https://git.kernel.org/stable/c/889000874c1204e47c7f2a4945db262a47e7efc9 -~~	() https://git.kernel.org/stable/c/889000874c1204e47c7f2a4945db262a47e7efc9 - Patch
References	~~() https://git.kernel.org/stable/c/b0cab8b517aeaf2592c3479294f934209c41a26f -~~	() https://git.kernel.org/stable/c/b0cab8b517aeaf2592c3479294f934209c41a26f - Patch
First Time		Linux Linux linux Kernel

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-11 22:27

NVD link : CVE-2022-49671

Mitre link : CVE-2022-49671

CVE.ORG link : CVE-2022-49671

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10