CVE-2022-50349

Summary

In the Linux kernel, the following vulnerability has been resolved:

misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()

If device_register() returns error in tifm_7xx1_switch_media(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked.

Never directly free @dev after calling device_register(), even if it returned an error! Always use put_device() to give up the reference initialized.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < 2bbb222a54ff501f77ce593d21b76b79c905045eaffected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < d861b7d41b17942b337d4b87a70de7cd1dc44d4eaffected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < 1695b1adcc3a7d985cd22fa3b55761edf3fab50daffected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < ee2715faf7e7153f5142ed09aacfa89a64d45dcbaffected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < 57c857353d5020bdec8284d9c0fee447484fe5e0affected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < 848c45964ded537107e010aaf353aa30a0855387affected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < 35abbc8406cc39e72d3ce85f6e869555afe50d54affected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < ef843ee20576039126d34d6eb5f45d14c3e6ce18affected
LinuxLinux2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 < fd2c930cf6a5b9176382c15f9acb1996e76e25adaffected
LinuxLinux2.6.22affected
LinuxLinux0 < 2.6.22unaffected
LinuxLinux4.9.337 <= 4.9.*unaffected
LinuxLinux4.14.303 <= 4.14.*unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References