CVE-2022-49312 (GCVE-0-2022-49312)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8712: fix a potential memory leak in r871xu_drv_init()
In r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory
allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not
properly released as there is no action will be performed by
r8712_usb_dvobj_deinit().
To properly release it, we should call r8712_free_io_queue() in
r8712_usb_dvobj_deinit().
Besides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called
by r871x_dev_unload() under condition `padapter->bup` and
r8712_free_io_queue() is called by r8712_free_drv_sw().
However, r8712_usb_dvobj_deinit() does not rely on `padapter->bup` and
calling r8712_free_io_queue() in r8712_free_drv_sw() is negative for
better understading the code.
So I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove
r8712_free_io_queue() from r8712_free_drv_sw().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/os_intfs.c",
"drivers/staging/rtl8712/usb_intf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a89a92efc342dd7c44b6056da87debc598f9c73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8eb42d6d10f8fe509117859defddf9e72b4fa4d0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "205e039fead72e87ad2838f5e649a4c4834f648b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a2882b8baad068d21c99fb2ab5a85a2bdbd5b834",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7288ff561de650d4139fab80e9cb0da9b5b32434",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/os_intfs.c",
"drivers/staging/rtl8712/usb_intf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix a potential memory leak in r871xu_drv_init()\n\nIn r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory\nallocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not\nproperly released as there is no action will be performed by\nr8712_usb_dvobj_deinit().\nTo properly release it, we should call r8712_free_io_queue() in\nr8712_usb_dvobj_deinit().\n\nBesides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called\nby r871x_dev_unload() under condition `padapter-\u003ebup` and\nr8712_free_io_queue() is called by r8712_free_drv_sw().\nHowever, r8712_usb_dvobj_deinit() does not rely on `padapter-\u003ebup` and\ncalling r8712_free_io_queue() in r8712_free_drv_sw() is negative for\nbetter understading the code.\nSo I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove\nr8712_free_io_queue() from r8712_free_drv_sw()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:57.641Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a89a92efc342dd7c44b6056da87debc598f9c73"
},
{
"url": "https://git.kernel.org/stable/c/8eb42d6d10f8fe509117859defddf9e72b4fa4d0"
},
{
"url": "https://git.kernel.org/stable/c/205e039fead72e87ad2838f5e649a4c4834f648b"
},
{
"url": "https://git.kernel.org/stable/c/a2882b8baad068d21c99fb2ab5a85a2bdbd5b834"
},
{
"url": "https://git.kernel.org/stable/c/7288ff561de650d4139fab80e9cb0da9b5b32434"
}
],
"title": "staging: rtl8712: fix a potential memory leak in r871xu_drv_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49312",
"datePublished": "2025-02-26T02:10:41.627Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-05-04T08:34:57.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49312\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:07.997\",\"lastModified\":\"2025-03-17T19:54:00.450\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nstaging: rtl8712: fix a potential memory leak in r871xu_drv_init()\\n\\nIn r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory\\nallocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not\\nproperly released as there is no action will be performed by\\nr8712_usb_dvobj_deinit().\\nTo properly release it, we should call r8712_free_io_queue() in\\nr8712_usb_dvobj_deinit().\\n\\nBesides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called\\nby r871x_dev_unload() under condition `padapter-\u003ebup` and\\nr8712_free_io_queue() is called by r8712_free_drv_sw().\\nHowever, r8712_usb_dvobj_deinit() does not rely on `padapter-\u003ebup` and\\ncalling r8712_free_io_queue() in r8712_free_drv_sw() is negative for\\nbetter understading the code.\\nSo I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove\\nr8712_free_io_queue() from r8712_free_drv_sw().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: rtl8712: corrige una posible p\u00e9rdida de memoria en r871xu_drv_init() En r871xu_drv_init(), si r8712_init_drv_sw() falla, entonces la memoria asignada por r8712_alloc_io_queue() en r8712_usb_dvobj_init() no se libera correctamente ya que r8712_usb_dvobj_deinit() no realizar\u00e1 ninguna acci\u00f3n. Para liberarla correctamente, debemos llamar a r8712_free_io_queue() en r8712_usb_dvobj_deinit(). Adem\u00e1s, en r871xu_dev_remove(), r8712_usb_dvobj_deinit() ser\u00e1 llamado por r871x_dev_unload() bajo la condici\u00f3n `padapter-\u0026gt;bup` y r8712_free_io_queue() ser\u00e1 llamado por r8712_free_drv_sw(). Sin embargo, r8712_usb_dvobj_deinit() no depende de `padapter-\u0026gt;bup` y llamar a r8712_free_io_queue() en r8712_free_drv_sw() es negativo para una mejor comprensi\u00f3n del c\u00f3digo. Entonces muevo r8712_usb_dvobj_deinit() a r871xu_dev_remove() y elimino r8712_free_io_queue() de r8712_free_drv_sw().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.122\",\"matchCriteriaId\":\"729BFE7A-6A28-47AD-BDEF-256C3C9BC15F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.47\",\"matchCriteriaId\":\"FC042EE3-4864-4325-BE0B-4BCDBF11AA61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.17.15\",\"matchCriteriaId\":\"53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18\",\"versionEndExcluding\":\"5.18.4\",\"matchCriteriaId\":\"FA6D643C-6D6A-4821-8A8D-B5776B8F0103\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/205e039fead72e87ad2838f5e649a4c4834f648b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5a89a92efc342dd7c44b6056da87debc598f9c73\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7288ff561de650d4139fab80e9cb0da9b5b32434\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8eb42d6d10f8fe509117859defddf9e72b4fa4d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a2882b8baad068d21c99fb2ab5a85a2bdbd5b834\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}