CVE-2022-48863

Summary

In the Linux kernel, the following vulnerability has been resolved:

mISDN: Fix memory leak in dsp_pipeline_build()

dsp_pipeline_build() allocates dup pointer by kstrdup(cfg), but then it updates dup variable by strsep(&dup, "|"). As a result when it calls kfree(dup), the dup variable contains NULL.

Found by Linux Driver Verification project (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 < a3d5fcc6cf2ecbba5a269631092570aa285a24cbaffected
LinuxLinux960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 < 7777b1f795af1bb43867375d8a776080111aae1baffected
LinuxLinux960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 < 640445d6fc059d4514ffea79eb4196299e0e2d0faffected
LinuxLinux960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 < c6a502c2299941c8326d029cfc8a3bc8a4607ad5affected
LinuxLinux2.6.27affected
LinuxLinux0 < 2.6.27unaffected
LinuxLinux5.10.106 <= 5.10.*unaffected
LinuxLinux5.15.29 <= 5.15.*unaffected
LinuxLinux5.16.15 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References