CVE-2022-49027

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak")

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5	Patch
https://git.kernel.org/stable/c/227d8d2f7f2278b8468c5531b0cd0f2a905b4486	Patch
https://git.kernel.org/stable/c/971c55f0763b480e63ceb7a22beb19be2509e5ed	Patch
https://git.kernel.org/stable/c/bd477b891a4fa084561234eed4afacb3001dd359	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::

History

24 Oct 2024, 03:48

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-Other
References	~~() https://git.kernel.org/stable/c/0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5 -~~	() https://git.kernel.org/stable/c/0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5 - Patch
References	~~() https://git.kernel.org/stable/c/227d8d2f7f2278b8468c5531b0cd0f2a905b4486 -~~	() https://git.kernel.org/stable/c/227d8d2f7f2278b8468c5531b0cd0f2a905b4486 - Patch
References	~~() https://git.kernel.org/stable/c/971c55f0763b480e63ceb7a22beb19be2509e5ed -~~	() https://git.kernel.org/stable/c/971c55f0763b480e63ceb7a22beb19be2509e5ed - Patch
References	~~() https://git.kernel.org/stable/c/bd477b891a4fa084561234eed4afacb3001dd359 -~~	() https://git.kernel.org/stable/c/bd477b891a4fa084561234eed4afacb3001dd359 - Patch
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::

23 Oct 2024, 15:12

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: Se ha corregido el manejo de errores en iavf_init_module(). iavf_init_module() no destruirá workqueue cuando falle pci_register_driver(). Se llama a destroy_workqueue() cuando falle pci_register_driver() para evitar la pérdida de recursos. Similar al manejo de u132_hcd_init en el commit f276e002793c ("usb: u132-hcd: fix resource leak")

21 Oct 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-21 20:15

Updated : 2024-10-24 03:48

NVD link : CVE-2022-49027

Mitre link : CVE-2022-49027

CVE.ORG link : CVE-2022-49027

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

5.5 /10