CVE-2022-49619

MEDIUM

Linux kernel - Memory Leak

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfp_probe() sfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When devm_add_action() fails, sfp is not freed, which leads to a memory leak. We should use devm_add_action_or_reset() instead of devm_add_action().

References (7)

[Patch] https://git.kernel.org/stable/c/0a18d802d65cf662644fd1d369c86d84a5630652

[Patch] https://git.kernel.org/stable/c/1545bc727625ea6e8decd717e5d1e8cc704ccf8f

[Patch] https://git.kernel.org/stable/c/204543581a2f26bb3b997a304c0bd06926ba7f15

[Patch] https://git.kernel.org/stable/c/67dc32542a1fb7790d0853cf4a5cf859ac6a2002

[Patch] https://git.kernel.org/stable/c/9ec5a97f327a89031fce6cfc3e95543c53936638

[Patch] https://git.kernel.org/stable/c/ede990cfc42775bd0141e21f37ee365dcaeeb50f

[Patch] https://git.kernel.org/stable/c/f22ddc8a5278d7fb6369a0aeb0d8775a0aefaaee

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (11)

linux/linux_kernel < 4.14.289

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/Kernel < 4.14.289linux

linux/Kernel < 4.19.253linux

linux/Kernel < 5.4.207linux

linux/Kernel < 5.10.132linux

linux/Kernel < 5.15.56linux

linux/Kernel < 5.18.13linux

Timeline

Published Feb 26, 2025

Tracked Since Feb 18, 2026