CVE-2022-49860

Summary

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: k3-udma-glue: fix memory leak when register device fail

If device_register() fails, it should call put_device() to give up reference, the name allocated in dev_set_name() can be freed in callback function kobject_cleanup().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5b65781d06ea90ef2f8e51a13352c43c3daa8cdc < 1dd27541aa2b95bde71bddd43d73f9c16d73272caffected
LinuxLinux5b65781d06ea90ef2f8e51a13352c43c3daa8cdc < 025eab5189fc7ee223ae9b4bc49d7df196543e53affected
LinuxLinux5b65781d06ea90ef2f8e51a13352c43c3daa8cdc < ac2b9f34f02052709aea7b34bb2a165e1853eb41affected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.15.79 <= 5.15.*unaffected
LinuxLinux6.0.9 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References