CVE-2022-49794

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to free memory when the refcount hit to 0.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b	Patch
https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b	Patch
https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c	Patch
https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385	Patch
https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37	Patch
https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4	Patch
https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d	Patch
https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::

History

03 Nov 2025, 14:03

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b -~~	() https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b - Patch
References	~~() https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b -~~	() https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b - Patch
References	~~() https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c -~~	() https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c - Patch
References	~~() https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385 -~~	() https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385 - Patch
References	~~() https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37 -~~	() https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37 - Patch
References	~~() https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4 -~~	() https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4 - Patch
References	~~() https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d -~~	() https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d - Patch
References	~~() https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9 -~~	() https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
First Time		Linux Linux linux Kernel
CWE		CWE-401

02 May 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: at91_adc: corrige posible pérdida de memoria en at91_adc_allocate_trigger() Si iio_trigger_register() devuelve un error, debe llamar a iio_trigger_free() para renunciar a la referencia contenida en iio_trigger_alloc(), de modo que pueda llamar a iio_trig_release() para liberar memoria cuando el recuento de referencias llegue a 0.

01 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 15:16

Updated : 2025-11-06 22:07

NVD link : CVE-2022-49794

Mitre link : CVE-2022-49794

CVE.ORG link : CVE-2022-49794

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10