CVE-2022-49024

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods

In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcab7ffc0324f053c8fb56c821cdd63dc0383270d < ea8dc27bb044e19868155e500ce397007be98656affected
LinuxLinuxcab7ffc0324f053c8fb56c821cdd63dc0383270d < 0bbb88651ef6b7fbb1bf75ec7ba69add632e834baffected
LinuxLinuxcab7ffc0324f053c8fb56c821cdd63dc0383270d < 1eca1d4cc21b6d0fc5f9a390339804c0afce9439affected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.15.82 <= 5.15.*unaffected
LinuxLinux6.0.12 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References