CVE-2022-49866

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: wwan: mhi: fix memory leak in mhi_mbim_dellink

MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak.

This patch sets needs_free_netdev to true when registers network device, which makes netdev subsystem call free_netdev() automatically after unregister_netdevice().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxaa730a9905b7b079ef2fffdab7f15dbb842f5c7c < 2845bc9070cef0c651987487d84d4813d64675ddaffected
LinuxLinuxaa730a9905b7b079ef2fffdab7f15dbb842f5c7c < 3cd3ffe952f78ec5dadf300cb58d4b38a0c0106daffected
LinuxLinuxaa730a9905b7b079ef2fffdab7f15dbb842f5c7c < 668205b9c9f94d5ed6ab00cce9a46a654c2b5d16affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.79 <= 5.15.*unaffected
LinuxLinux6.0.9 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References