CVE-2022-49881

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix memory leak in query_regdb_file()

In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_nowait() can fail without calling regdb_fw_cb() and thus leak memory.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux007f6c5e6eb45c81ee89368a5f226572ae638831 < 219446396786330937bcd382a7bc4ccd767383bcaffected
LinuxLinux007f6c5e6eb45c81ee89368a5f226572ae638831 < 0ede1a988299e95d54bd89551fd635980572e920affected
LinuxLinux007f6c5e6eb45c81ee89368a5f226572ae638831 < e1e12180321f416d83444f2cdc9259e0f5093d35affected
LinuxLinux007f6c5e6eb45c81ee89368a5f226572ae638831 < 38c9fa2cc6bf4b6e1a74057aef8b5cffd23d3264affected
LinuxLinux007f6c5e6eb45c81ee89368a5f226572ae638831 < e9b5a4566d5bc71cc901be50d1fa24da00613120affected
LinuxLinux007f6c5e6eb45c81ee89368a5f226572ae638831 < 57b962e627ec0ae53d4d16d7bd1033e27e67677aaffected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux4.19.267 <= 4.19.*unaffected
LinuxLinux5.4.225 <= 5.4.*unaffected
LinuxLinux5.10.155 <= 5.10.*unaffected
LinuxLinux5.15.79 <= 5.15.*unaffected
LinuxLinux6.0.9 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References