CVE-2022-49757

MEDIUM

Linux Kernel 3.6-6.1.9 - Use-After-Free in EDAC Highbank Memory Controller

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbank_mc_probe() When devres_open_group() fails, it returns -ENOMEM without freeing memory allocated by edac_mc_alloc(). Call edac_mc_free() on the error handling path to avoid a memory leak. [ bp: Massage commit message. ]

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/f1b3e23ed8df87d779ee86ac37f379e79a24169a

Patch

https://git.kernel.org/stable/c/0db40e23b56d217eebd385bebb64057ef764b2c7

Patch

https://git.kernel.org/stable/c/8d23f5d25264beb223ee79cdb530b88c237719fc

Patch

https://git.kernel.org/stable/c/329fbd260352a7b9a83781d8b8bd96f95844a51f

Patch

https://git.kernel.org/stable/c/caffa7fed1397d1395052272c93900176de86557

Patch

https://git.kernel.org/stable/c/b7863ef8a8f0fee96b4eb41211f4918c0e047253

Patch

https://git.kernel.org/stable/c/e7a293658c20a7945014570e1921bf7d25d68a36

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (24)

linux/Kernel 3.6.0 - 4.14.305linux

linux/Kernel 4.15.0 - 4.19.272linux

linux/Kernel 4.20.0 - 5.4.231linux

linux/Kernel 5.11.0 - 5.15.91linux

linux/Kernel 5.16.0 - 6.1.9linux

linux/Kernel 5.5.0 - 5.10.166linux

Linux/Linux < 3.6

Linux/Linux 3.6

Linux/Linux 4.14.305 - 4.14.*

Linux/Linux 4.19.272 - 4.19.*

... and 14 more

Published Mar 27, 2025

Tracked Since Feb 18, 2026