CVE-2022-49191

In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff When LSR is 0xff in ->activate() (rather unlike), we return an error. Provided ->shutdown() is not called when ->activate() fails, nothing actually frees the buffer in this case. Fix this by properly freeing the buffer in a designated label. We jump there also from the "!info->type" if now too.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d	Patch
https://git.kernel.org/stable/c/2cd05c38a27bee7fb42aa4d43174d68ac55dac0f	Patch
https://git.kernel.org/stable/c/376922045009f8ea2d20a8fa3475e95b47c41690	Patch
https://git.kernel.org/stable/c/685b6d16bf89595310b5d61394c9b97cc9505c7c	Patch
https://git.kernel.org/stable/c/6c9041b2f90c0eace73106f22350e1d2c98f5edc	Patch
https://git.kernel.org/stable/c/6dffc2035fbaada60ca8db59e0962e34f760370a	Patch
https://git.kernel.org/stable/c/996291d06851a26678a0fab488b6e1f0677c0576	Patch
https://git.kernel.org/stable/c/b125b08dbee3611f03f53b71471813ed4ccafcdd	Patch
https://git.kernel.org/stable/c/cd3a4907ee334b40d7aa880c7ab310b154fd5cd4	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-02-26 07:00

Updated : 2025-09-23 13:44

NVD link : CVE-2022-49191

Mitre link : CVE-2022-49191

CVE.ORG link : CVE-2022-49191

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2022-49191", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:00:56.183", "references": [{"url": "https://git.kernel.org/stable/c/125b7c929fc9b1e5eaa344bceb6367dfa6fd3f9d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2cd05c38a27bee7fb42aa4d43174d68ac55dac0f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/376922045009f8ea2d20a8fa3475e95b47c41690", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/685b6d16bf89595310b5d61394c9b97cc9505c7c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6c9041b2f90c0eace73106f22350e1d2c98f5edc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6dffc2035fbaada60ca8db59e0962e34f760370a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/996291d06851a26678a0fab488b6e1f0677c0576", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b125b08dbee3611f03f53b71471813ed4ccafcdd", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cd3a4907ee334b40d7aa880c7ab310b154fd5cd4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmxser: fix xmit_buf leak in activate when LSR == 0xff\n\nWhen LSR is 0xff in ->activate() (rather unlike), we return an error.\nProvided ->shutdown() is not called when ->activate() fails, nothing\nactually frees the buffer in this case.\n\nFix this by properly freeing the buffer in a designated label. We jump\nthere also from the \"!info->type\" if now too."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mxser: se corrige la fuga de xmit_buf en activate cuando LSR == 0xff Cuando LSR es 0xff en ->activate() (bastante diferente), devolvemos un error. Siempre que no se llame a ->shutdown() cuando ->activate() falla, en realidad nada libera el b\u00fafer en este caso. Corrija esto liberando correctamente el b\u00fafer en una etiqueta designada. Saltamos all\u00ed tambi\u00e9n desde \"!info->type\" if now tambi\u00e9n."}], "lastModified": "2025-09-23T13:44:12.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69F5BE41-4847-4042-A7A9-B9871DCBCCCA", "versionEndExcluding": "4.9.311", "versionStartIncluding": "2.6.33"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49", "versionEndExcluding": "4.14.276", "versionStartIncluding": "4.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D", "versionEndExcluding": "4.19.238", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F", "versionEndExcluding": "5.4.189", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79", "versionEndExcluding": "5.10.110", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5", "versionEndExcluding": "5.15.33", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B", "versionEndExcluding": "5.16.19", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF", "versionEndExcluding": "5.17.2", "versionStartIncluding": "5.17"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}