CVE-2022-49938

Published: Jun 18, 2025Modified: Nov 14, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool.

Affected (5)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.15.66
Linux Linux Kernel	From 5.16 to 5.19.8
Linux Linux Kernel	Version 6.0 rc1
Linux Linux Kernel	Version 6.0 rc2
Linux Linux Kernel	Version 6.0 rc3

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://git.kernel.org/stable/c/27893dfc1285f80f80f46b3b8c95f5d15d2e66d0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/38a6b469bf22f153282fbe7d702a24e9eb43f50e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.