CVE-2022-49024

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-49024
In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b Patch
https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439 Patch
https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
History

24 Oct 2024, 03:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b - () https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b - Patch
References () https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439 - () https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439 - Patch
References () https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656 - () https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656 - Patch
CPE cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CWE CWE-401

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: m_can: pci: agregar m_can_class_free_dev() faltante en los métodos probe/remove En m_can_pci_remove() y la ruta de manejo de errores de m_can_pci_probe(), se debe llamar a m_can_class_free_dev() para liberar el recurso asignado por m_can_class_allocate_dev(), de lo contrario habrá una fuga de memoria.

21 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-21 20:15

Updated : 2024-10-24 03:50

NVD link : CVE-2022-49024

Mitre link : CVE-2022-49024

CVE.ORG link : CVE-2022-49024

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024