CVE-2022-49657

Summary

In the Linux kernel, the following vulnerability has been resolved:

usbnet: fix memory leak in error case

usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case.

v2: add Fixes tag v3: fix uninitialized buf pointer

Affected Software

VendorProductVersion RangeStatus
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < 3eed421ca5c809da93456f69203d164d5220be3daffected
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < 5269209f54dd8dfd15f9383f3a3a1fe8370764f8affected
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < d5165e657987ff4ba0ace896d4376a3718a9fbc3affected
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < 04894ab34faf40ab72a8a5ab5b404bb0606bbbffaffected
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < 0085da9df3dced730027923a6b48f58e9016af91affected
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < db89582ff330556188da856e01382ccbf3a5e706affected
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < e7b4f69946a38209b4a4f660bf0e4cbed94f9b4baffected
LinuxLinux877bd862f32b815d54ab5fc10a4fd903d7bf3012 < b55a21b764c1e182014630fa5486d717484ac58faffected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux4.9.323 <= 4.9.*unaffected
LinuxLinux4.14.288 <= 4.14.*unaffected
LinuxLinux4.19.252 <= 4.19.*unaffected
LinuxLinux5.4.205 <= 5.4.*unaffected
LinuxLinux5.10.130 <= 5.10.*unaffected
LinuxLinux5.15.54 <= 5.15.*unaffected
LinuxLinux5.18.11 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References