CVE-2022-49024

Published: Oct 21, 2024Modified: Oct 24, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak.

Affected (9)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.11 to 5.15.82
Linux Linux Kernel	From 5.16 to 6.0.12
Linux Linux Kernel	Version 6.1 rc1
Linux Linux Kernel	Version 6.1 rc2
Linux Linux Kernel	Version 6.1 rc3
Linux Linux Kernel	Version 6.1 rc4
Linux Linux Kernel	Version 6.1 rc5
Linux Linux Kernel	Version 6.1 rc6
Linux Linux Kernel	Version 6.1 rc7

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.