CVE-2022-48955

Published: Oct 21, 2024Modified: Oct 24, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in tb_xdomain_alloc_out_hopid() is not released. Add tb_xdomain_release_out_hopid() to the error path to release ida.

Affected (10)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.13 to 5.15.83
Linux Linux Kernel	From 5.16 to 6.0.13
Linux Linux Kernel	Version 6.1 rc1
Linux Linux Kernel	Version 6.1 rc2
Linux Linux Kernel	Version 6.1 rc3
Linux Linux Kernel	Version 6.1 rc4
Linux Linux Kernel	Version 6.1 rc5
Linux Linux Kernel	Version 6.1 rc6
Linux Linux Kernel	Version 6.1 rc7
Linux Linux Kernel	Version 6.1 rc8

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://git.kernel.org/stable/c/b9274dbe399952a8175db2e1ee148b7c9ba2b538

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ed14e5903638f6eb868e3e2b4e610985e6a6c876

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ed6e955f3b7e0e622c080f4bcb5427a5e1af4c2a

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.