CVE-2022-49949

Summary

In the Linux kernel, the following vulnerability has been resolved:

firmware_loader: Fix memory leak in firmware upload

In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register(). This data needs to be freed in fw_dev_release(). Create a new fw_upload_free() function in sysfs_upload.c to handle the firmware-upload specific memory frees and incorporate the missing kfree call for the fw_upload structure.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux97730bbb242cde22b7140acd202ffd88823886c9 < baf92485d111be828e1ab84a995515b604b938e5affected
LinuxLinux97730bbb242cde22b7140acd202ffd88823886c9 < 789bba82f63c3e81dce426ba457fc7905b30ac6eaffected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux5.19.8 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References