CVE-2022-49653

Summary

In the Linux kernel, the following vulnerability has been resolved:

i2c: piix4: Fix a memory leak in the EFCH MMIO support

The recently added support for EFCH MMIO regions introduced a memory leak in that code path. The leak is caused by the fact that release_resource() merely removes the resource from the tree but does not free its memory. We need to call release_mem_region() instead, which does free the memory. As a nice side effect, this brings back some symmetry between the legacy and MMIO paths.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4b965566ca26e83553d92b8c57050e5d59911806 < d2bf1a6480e8d44658a8ac3bdcec081238873212affected
LinuxLinux7c148722d074c29fb998578eea5de3c14b9608c9 < a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19affected
LinuxLinux7c148722d074c29fb998578eea5de3c14b9608c9 < 8ad59b397f86a4d8014966fdc0552095a0c4fb2baffected
LinuxLinuxf48190bca4b1a397f2e050efea2c8e8e72049ec8affected
LinuxLinux5.15.42 < 5.15.54affected
LinuxLinux5.17.10 < 5.18affected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux5.15.54 <= 5.15.*unaffected
LinuxLinux5.18.11 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References