CVE-2022-49874

In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: fix possible memory leak in mousevsc_probe() If hid_add_device() returns error, it should call hid_destroy_device() to free hid_dev which is allocated in hid_allocate_device().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/249b743801c00542e9324f87b380032e957a43e8	Patch
https://git.kernel.org/stable/c/5ad95d71344b7ffec360d62591633b3c465dc049	Patch
https://git.kernel.org/stable/c/5f3aba6566b866f5b0a4916f0b2e8a6ae66a6451	Patch
https://git.kernel.org/stable/c/8597b59e3d22b27849bd3e4f92a3d466774bfb04	Patch
https://git.kernel.org/stable/c/a6d2fb1874c52ace1f5cf1966ee558829c5c19b6	Patch
https://git.kernel.org/stable/c/b5bcb94b0954a026bbd671741fdb00e7141f9c91	Patch
https://git.kernel.org/stable/c/e29289d0d8193fca6d2c1f0a1de75cfc80edec00	Patch
https://git.kernel.org/stable/c/ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::

History

07 May 2025, 13:21

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/249b743801c00542e9324f87b380032e957a43e8 -~~	() https://git.kernel.org/stable/c/249b743801c00542e9324f87b380032e957a43e8 - Patch
References	~~() https://git.kernel.org/stable/c/5ad95d71344b7ffec360d62591633b3c465dc049 -~~	() https://git.kernel.org/stable/c/5ad95d71344b7ffec360d62591633b3c465dc049 - Patch
References	~~() https://git.kernel.org/stable/c/5f3aba6566b866f5b0a4916f0b2e8a6ae66a6451 -~~	() https://git.kernel.org/stable/c/5f3aba6566b866f5b0a4916f0b2e8a6ae66a6451 - Patch
References	~~() https://git.kernel.org/stable/c/8597b59e3d22b27849bd3e4f92a3d466774bfb04 -~~	() https://git.kernel.org/stable/c/8597b59e3d22b27849bd3e4f92a3d466774bfb04 - Patch
References	~~() https://git.kernel.org/stable/c/a6d2fb1874c52ace1f5cf1966ee558829c5c19b6 -~~	() https://git.kernel.org/stable/c/a6d2fb1874c52ace1f5cf1966ee558829c5c19b6 - Patch
References	~~() https://git.kernel.org/stable/c/b5bcb94b0954a026bbd671741fdb00e7141f9c91 -~~	() https://git.kernel.org/stable/c/b5bcb94b0954a026bbd671741fdb00e7141f9c91 - Patch
References	~~() https://git.kernel.org/stable/c/e29289d0d8193fca6d2c1f0a1de75cfc80edec00 -~~	() https://git.kernel.org/stable/c/e29289d0d8193fca6d2c1f0a1de75cfc80edec00 - Patch
References	~~() https://git.kernel.org/stable/c/ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0 -~~	() https://git.kernel.org/stable/c/ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0 - Patch
First Time		Linux linux Kernel Linux
CWE		CWE-401
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::

02 May 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: hyperv: corrige posible pérdida de memoria en mousevsc_probe() Si hid_add_device() devuelve un error, debe llamar a hid_destroy_device() para liberar hid_dev que está asignado en hid_allocate_device().

01 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 15:16

Updated : 2025-05-07 13:21

NVD link : CVE-2022-49874

Mitre link : CVE-2022-49874

CVE.ORG link : CVE-2022-49874

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10