CVE-2022-49791

MEDIUM

Linux Kernel < 6.0.10 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix multishot accept request leaks Having REQ_F_POLLED set doesn't guarantee that the request is executed as a multishot from the polling path. Fortunately for us, if the code thinks it's multishot issue when it's not, it can only ask to skip completion so leaking the request. Use issue_flags to mark multipoll issues.

References (2)

[Patch] https://git.kernel.org/stable/c/0e4626de856ef8f25ecd9c716e76d4f95ce95639

[Patch] https://git.kernel.org/stable/c/91482864768a874c4290ef93b84a78f4f1dac51b

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 22.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (7)

linux/linux_kernel < 6.0.10

linux/linux_kernel

linux/Kernel < 6.0.10linux

Timeline

Published May 01, 2025

Tracked Since Feb 18, 2026