CVE-2022-49653

Published: Feb 26, 2025Modified: Oct 1, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix a memory leak in the EFCH MMIO support The recently added support for EFCH MMIO regions introduced a memory leak in that code path. The leak is caused by the fact that release_resource() merely removes the resource from the tree but does not free its memory. We need to call release_mem_region() instead, which does free the memory. As a nice side effect, this brings back some symmetry between the legacy and MMIO paths.

Affected (7)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.15.42 to 5.15.54
Linux Linux Kernel	From 5.17.10 to 5.18.11
Linux Linux Kernel	Version 5.19 rc1
Linux Linux Kernel	Version 5.19 rc2
Linux Linux Kernel	Version 5.19 rc3
Linux Linux Kernel	Version 5.19 rc4
Linux Linux Kernel	Version 5.19 rc5

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://git.kernel.org/stable/c/8ad59b397f86a4d8014966fdc0552095a0c4fb2b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/d2bf1a6480e8d44658a8ac3bdcec081238873212

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.