CVE-2022-49817

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: mhi: Fix memory leak in mhi_net_dellink()

MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak.

This patch calls free_netdev() to fix it since netdev_priv is used after unregister.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux13adac032982c61bb590669e8e87e51558917ca1 < 88da008e5e2f9753726ea5a51ef2eb144e9de927affected
LinuxLinux13adac032982c61bb590669e8e87e51558917ca1 < 25a270343b0f16e1f6e65f541a15975a35e238ffaffected
LinuxLinux13adac032982c61bb590669e8e87e51558917ca1 < f7c125bd79f50ec6094761090be81d02726ec6f4affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.80 <= 5.15.*unaffected
LinuxLinux6.0.10 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References