CVE-2022-49549
MEDIUMLinux kernel - Memory Corruption
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fails, the previously allocated threshold banks array @bp will be leaked because the call to mce_threshold_remove_device() will not free it. This happens because mce_threshold_remove_device() fetches the pointer through the threshold_banks per-CPU variable but bp is written there only after the bank creation is successful, and not before, when threshold_create_bank() fails. Add a helper which unwinds all the bank creation work previously done and pass into it the previously allocated threshold banks array for freeing. [ bp: Massage. ]
References (5)
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
10.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-401
Status
published
Affected Products (5)
linux/linux_kernel
< 5.10.121
linux/Kernel
< 5.10.121linux
linux/Kernel
< 5.15.46linux
linux/Kernel
< 5.17.14linux
linux/Kernel
< 5.18.3linux
Timeline
Published
Feb 26, 2025
Tracked Since
Feb 18, 2026