CVE-2022-49119

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()

In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex allocated must be freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux72d0baa089ebd058cdb8b87fde835e9157c4597a < d83574666bac4b1462e90df393fbed6c5f57d1a3affected
LinuxLinux72d0baa089ebd058cdb8b87fde835e9157c4597a < e5ecdb01952f230921aa8163d8d7f4c97c925ed8affected
LinuxLinux72d0baa089ebd058cdb8b87fde835e9157c4597a < fe5b8ea5583b5c3f6f68e06acba50387edf3b5d5affected
LinuxLinux72d0baa089ebd058cdb8b87fde835e9157c4597a < a25ed5f21f94f9ae4bcc8dd747e978668890c921affected
LinuxLinux72d0baa089ebd058cdb8b87fde835e9157c4597a < f792a3629f4c4aa4c3703d66b43ce1edcc3ec09aaffected
LinuxLinux2.6.33affected
LinuxLinux0 < 2.6.33unaffected
LinuxLinux5.10.111 <= 5.10.*unaffected
LinuxLinux5.15.34 <= 5.15.*unaffected
LinuxLinux5.16.20 <= 5.16.*unaffected
LinuxLinux5.17.3 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References