CVE-2022-48959

MEDIUM

Linux Kernel 5.10-5.10.159, 5.11-5.15.83, 5.16-6.0.13 - Use-After-Free in sja1105_setup_devlink_regions

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(), priv->regions is not released.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/4be43e46c3f945fc7dd9e23c73a7a66927a3b814

Patch

https://git.kernel.org/stable/c/f3b5dda26cd0535aac09ed09c5d83f19b979ec9f

Patch

https://git.kernel.org/stable/c/e5e59629654b8826f0167dae480d0e3fa0f8f038

Patch

https://git.kernel.org/stable/c/78a9ea43fc1a7c06a420b132d2d47cbf4344a5df

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 14.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (15)

linux/Kernel 5.10.0 - 5.10.159linux

linux/Kernel 5.11.0 - 5.15.83linux

linux/Kernel 5.16.0 - 6.0.13linux

Linux/Linux < 5.10

Linux/Linux 5.10

Linux/Linux 5.10.159 - 5.10.*

Linux/Linux 5.15.83 - 5.15.*

Linux/Linux 6.0.13 - 6.0.*

Linux/Linux 6.1

Linux/Linux bf425b82059e0b0752c0026353c1902112200837 - 4be43e46c3f945fc7dd9e23c73a7a66927a3b814

... and 5 more

Published Oct 21, 2024

Tracked Since Feb 18, 2026