CVE-2022-49854

Summary

In the Linux kernel, the following vulnerability has been resolved:

mctp: Fix an error handling path in mctp_init()

If mctp_neigh_init() return error, the routes resources should be released in the error handling path. Otherwise some resources leak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4d8b9319282ae84f5a17b28d8b5b5d1e7e537312 < 49d8a6e24a3496d86e8d8ae748375df984fb6d6faffected
LinuxLinux4d8b9319282ae84f5a17b28d8b5b5d1e7e537312 < 216c83222d2eb24b0e63df56e8740b02c33286e8affected
LinuxLinux4d8b9319282ae84f5a17b28d8b5b5d1e7e537312 < d4072058af4fd8fb4658e7452289042a406a9398affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.79 <= 5.15.*unaffected
LinuxLinux6.0.9 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References