CVE-2022-49757

Summary

In the Linux kernel, the following vulnerability has been resolved:

EDAC/highbank: Fix memory leak in highbank_mc_probe()

When devres_open_group() fails, it returns -ENOMEM without freeing memory allocated by edac_mc_alloc().

Call edac_mc_free() on the error handling path to avoid a memory leak.

[ bp: Massage commit message. ]

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa1b01edb274518c7da6d69b84e7558c092282aad < f1b3e23ed8df87d779ee86ac37f379e79a24169aaffected
LinuxLinuxa1b01edb274518c7da6d69b84e7558c092282aad < 0db40e23b56d217eebd385bebb64057ef764b2c7affected
LinuxLinuxa1b01edb274518c7da6d69b84e7558c092282aad < 8d23f5d25264beb223ee79cdb530b88c237719fcaffected
LinuxLinuxa1b01edb274518c7da6d69b84e7558c092282aad < 329fbd260352a7b9a83781d8b8bd96f95844a51faffected
LinuxLinuxa1b01edb274518c7da6d69b84e7558c092282aad < caffa7fed1397d1395052272c93900176de86557affected
LinuxLinuxa1b01edb274518c7da6d69b84e7558c092282aad < b7863ef8a8f0fee96b4eb41211f4918c0e047253affected
LinuxLinuxa1b01edb274518c7da6d69b84e7558c092282aad < e7a293658c20a7945014570e1921bf7d25d68a36affected
LinuxLinux3.6affected
LinuxLinux0 < 3.6unaffected
LinuxLinux4.14.305 <= 4.14.*unaffected
LinuxLinux4.19.272 <= 4.19.*unaffected
LinuxLinux5.4.231 <= 5.4.*unaffected
LinuxLinux5.10.166 <= 5.10.*unaffected
LinuxLinux5.15.91 <= 5.15.*unaffected
LinuxLinux6.1.9 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References