CVE-2022-49906

Summary

In the Linux kernel, the following vulnerability has been resolved:

ibmvnic: Free rwi on reset success

Free the rwi structure in the event that the last rwi in the list processed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic: retry reset if there are no other resets") introduces an issue that results in a 32 byte memory leak whenever the last rwi in the list gets processed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4f408e1fa6e10b6da72691233369172bac7d9e9b < 535b78739ae75f257c894a05b1afa86ad9a3669eaffected
LinuxLinux4f408e1fa6e10b6da72691233369172bac7d9e9b < c3543a287cfba9105dcc4bb41eb817f51266caafaffected
LinuxLinux4f408e1fa6e10b6da72691233369172bac7d9e9b < d6dd2fe71153f0ff748bf188bd4af076fe09a0a6affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.78 <= 5.15.*unaffected
LinuxLinux6.0.8 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References