CVE-2022-49206

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix memory leak in error flow for subscribe event routine

In case the second xa_insert() fails, the obj_event is not released. Fix the error unwind flow to free that memory to avoid a memory leak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7597385371425febdaa8c6a1da3625d4ffff16f5 < 0174a89663a5ef83617da15bf24c0af2f62b6c7faffected
LinuxLinux7597385371425febdaa8c6a1da3625d4ffff16f5 < c98d903ff9e79c210beddea4e6bc15ac38e25aa5affected
LinuxLinux7597385371425febdaa8c6a1da3625d4ffff16f5 < 8dd392e352d3269938fea32061a74655a613f929affected
LinuxLinux7597385371425febdaa8c6a1da3625d4ffff16f5 < d66498507801fd9a20307a15a0814a0a016c3cdeaffected
LinuxLinux7597385371425febdaa8c6a1da3625d4ffff16f5 < 414b4e8738484379f18d6c4e780787c80dbf8a2caffected
LinuxLinux7597385371425febdaa8c6a1da3625d4ffff16f5 < 087f9c3f2309ed183f7e4b85ae57121d8663224daffected
LinuxLinux5.3affected
LinuxLinux0 < 5.3unaffected
LinuxLinux5.4.189 <= 5.4.*unaffected
LinuxLinux5.10.110 <= 5.10.*unaffected
LinuxLinux5.15.33 <= 5.15.*unaffected
LinuxLinux5.16.19 <= 5.16.*unaffected
LinuxLinux5.17.2 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References