Executive Summary

Information
Name: CVE-2022-49468
First vendor publication: 2025-02-26
Vendor: Cve
Last vendor modification: 2025-03-17

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact Subscore: 3.6
Temporal Score: 5.5
Exploitability Subscore: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Security-Database Scoring CVSS v2

CVSS vector:
CVSS Base Score: N/A
Attack Range: N/A
CVSS Impact Score: N/A
Attack Complexity: N/A
CVSS Exploit Score: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

thermal/core: Fix memory leak in __thermal_cooling_device_register()

I got a memory leak as follows when doing a fault injection test:

unreferenced object 0xffff888010080000 (size 264312):
comm "182", pid 102533, jiffies 4296434960 (age 10.100s)
hex dump (first 32 bytes):
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@.......
backtrace:
[<0000000038b2f4fc>] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969
[<00000000ebcb8da5>] __kmalloc+0x373/0x420 include/linux/slab.h:510
[<0000000084137f13>] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586
[<00000000352b8755>] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927
[<00000000fb9f331b>] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041
[<000000009b8012d2>] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211
[<00000000da0b7e04>] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561

If device_register() fails, thermal_cooling_device_destroy_sysfs() needs to be called to free the memory allocated in thermal_cooling_device_setup_sysfs().
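
The error path described in the commit message above, modelled in userspace C as an added example (this is not the kernel's code or the actual patch). All `model_*` names, the `inject_register_fail` switch and the `live_allocs` counter are hypothetical stand-ins for the kernel functions named in the message.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every identifier here is a hypothetical stand-in. */
static int live_allocs;            /* allocations not yet released */
static bool inject_register_fail;  /* constructed fault-injection switch */

struct model_cdev { unsigned long *stats; };

/* Stand-in for the sysfs setup step that allocates the stats buffer. */
static int model_setup_sysfs(struct model_cdev *c, size_t states)
{
    c->stats = calloc(states, sizeof(*c->stats));
    if (!c->stats)
        return -1;
    live_allocs++;
    return 0;
}

/* Stand-in for the matching destroy step. */
static void model_destroy_sysfs(struct model_cdev *c)
{
    if (c->stats) { free(c->stats); c->stats = NULL; live_allocs--; }
}

static int model_device_register(void) { return inject_register_fail ? -1 : 0; }

/* Returns how many allocations are still unreleased when registration ends. */
static int register_attempt(bool fixed, bool fail)
{
    struct model_cdev c = { 0 };
    int leaked;

    live_allocs = 0;
    inject_register_fail = fail;
    if (model_setup_sysfs(&c, 64))
        return -1;
    if (model_device_register() == 0 || fixed)
        model_destroy_sysfs(&c); /* normal teardown, or cleanup on the error path */
    leaked = live_allocs;        /* unfixed + failure: buffer has no owner left */
    free(c.stats);               /* harness-only cleanup so the demo does not leak */
    return leaked;
}

int main(void)
{
    printf("unfixed, register fails: %d leaked\n", register_attempt(false, true));
    printf("fixed,   register fails: %d leaked\n", register_attempt(true, true));
    return 0;
}
```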

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49468

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

Type Description Count
Application 8
Os 3538

Sources (Detail)

https://git.kernel.org/stable/c/18530bedd221160823f63ccc20dd55c7a03edbcf
https://git.kernel.org/stable/c/21ccc58b671aea924f2481cf5c1cf0ebbfd3552d
https://git.kernel.org/stable/c/3802171f0b5b8b831f4ade5c827547cb323a5bb2
https://git.kernel.org/stable/c/98a160e898c0f4a979af9de3ab48b4b1d42d1dbb
https://git.kernel.org/stable/c/9abdf0c0184230f0cb5c6685aabf33dda89aa9fb

Alert History

Date Information
2025-06-26 02:09:46
  • Multiple Updates
2025-06-25 12:22:37
  • Multiple Updates
2025-06-24 02:14:22
  • Multiple Updates
2025-05-27 02:11:09
  • Multiple Updates
2025-03-29 03:14:40
  • Multiple Updates
2025-03-28 13:35:01
  • Multiple Updates
2025-03-28 02:57:06
  • Multiple Updates
2025-03-19 00:21:02
  • Multiple Updates
2025-03-18 00:21:05
  • Multiple Updates
2025-03-17 21:21:32
  • Multiple Updates
2025-02-26 17:20:31
  • First insertion