cvelistv5 - cve-2022-49817

CVE-2022-49817 (GCVE-0-2022-49817)

Vulnerability from cvelistv5

Published

2025-05-01 14:09

Modified

2025-05-04 08:45

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak. This patch calls free_netdev() to fix it since netdev_priv is used after unregister.

References

URL

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4	Patch

Impacted products

Vendor

Product

Version

Linux

Version: 13adac032982c61bb590669e8e87e51558917ca1
Version: 13adac032982c61bb590669e8e87e51558917ca1
Version: 13adac032982c61bb590669e8e87e51558917ca1

Linux

Version: 5.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/mhi_net.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "88da008e5e2f9753726ea5a51ef2eb144e9de927",
              "status": "affected",
              "version": "13adac032982c61bb590669e8e87e51558917ca1",
              "versionType": "git"
            },
            {
              "lessThan": "25a270343b0f16e1f6e65f541a15975a35e238ff",
              "status": "affected",
              "version": "13adac032982c61bb590669e8e87e51558917ca1",
              "versionType": "git"
            },
            {
              "lessThan": "f7c125bd79f50ec6094761090be81d02726ec6f4",
              "status": "affected",
              "version": "13adac032982c61bb590669e8e87e51558917ca1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/mhi_net.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.80",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mhi: Fix memory leak in mhi_net_dellink()\n\nMHI driver registers network device without setting the\nneeds_free_netdev flag, and does NOT call free_netdev() when\nunregisters network device, which causes a memory leak.\n\nThis patch calls free_netdev() to fix it since netdev_priv\nis used after unregister."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:45:57.391Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927"
        },
        {
          "url": "https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4"
        }
      ],
      "title": "net: mhi: Fix memory leak in mhi_net_dellink()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49817",
    "datePublished": "2025-05-01T14:09:40.325Z",
    "dateReserved": "2025-05-01T14:05:17.227Z",
    "dateUpdated": "2025-05-04T08:45:57.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49817\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:05.103\",\"lastModified\":\"2025-11-07T18:43:37.180\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: mhi: Fix memory leak in mhi_net_dellink()\\n\\nMHI driver registers network device without setting the\\nneeds_free_netdev flag, and does NOT call free_netdev() when\\nunregisters network device, which causes a memory leak.\\n\\nThis patch calls free_netdev() to fix it since netdev_priv\\nis used after unregister.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mhi: Se corrige la p\u00e9rdida de memoria en mhi_net_dellink(). El controlador MHI registra el dispositivo de red sin configurar el indicador needs_free_netdev y NO llama a free_netdev() al cancelar el registro del dispositivo de red, lo que provoca una p\u00e9rdida de memoria. Este parche llama a free_netdev() para corregirla, ya que netdev_priv se utiliza despu\u00e9s de cancelar el registro.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.14\",\"versionEndExcluding\":\"5.15.80\",\"matchCriteriaId\":\"44A008B2-444E-4E27-8AFD-6081D13307D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.0.10\",\"matchCriteriaId\":\"64F9ADD1-3ADB-4D66-A00F-4A83010B05F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F0B248-42CF-4AE6-A469-BB1BAE7F4705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2422816-0C14-4B5E-A1E6-A9D776E5C49B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B26BE4-43A6-4A36-A7F6-5B3F572D9186\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}

fkie_cve-2022-49817

Vulnerability from fkie_nvd

Published

2025-05-01 15:16

Modified

2025-11-07 18:43

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	6.1
linux	linux_kernel	6.1
linux	linux_kernel	6.1
linux	linux_kernel	6.1
linux	linux_kernel	6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A008B2-444E-4E27-8AFD-6081D13307D4",
              "versionEndExcluding": "5.15.80",
              "versionStartIncluding": "5.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F9ADD1-3ADB-4D66-A00F-4A83010B05F0",
              "versionEndExcluding": "6.0.10",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mhi: Fix memory leak in mhi_net_dellink()\n\nMHI driver registers network device without setting the\nneeds_free_netdev flag, and does NOT call free_netdev() when\nunregisters network device, which causes a memory leak.\n\nThis patch calls free_netdev() to fix it since netdev_priv\nis used after unregister."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mhi: Se corrige la p\u00e9rdida de memoria en mhi_net_dellink(). El controlador MHI registra el dispositivo de red sin configurar el indicador needs_free_netdev y NO llama a free_netdev() al cancelar el registro del dispositivo de red, lo que provoca una p\u00e9rdida de memoria. Este parche llama a free_netdev() para corregirla, ya que netdev_priv se utiliza despu\u00e9s de cancelar el registro."
    }
  ],
  "id": "CVE-2022-49817",
  "lastModified": "2025-11-07T18:43:37.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-01T15:16:05.103",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-vxf7-8458-rq8x

Vulnerability from github

Published

2025-05-01 15:31

Modified

2025-11-07 21:31

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

net: mhi: Fix memory leak in mhi_net_dellink()

MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak.

This patch calls free_netdev() to fix it since netdev_priv is used after unregister.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mhi: Fix memory leak in mhi_net_dellink()\n\nMHI driver registers network device without setting the\nneeds_free_netdev flag, and does NOT call free_netdev() when\nunregisters network device, which causes a memory leak.\n\nThis patch calls free_netdev() to fix it since netdev_priv\nis used after unregister.",
  "id": "GHSA-vxf7-8458-rq8x",
  "modified": "2025-11-07T21:31:19Z",
  "published": "2025-05-01T15:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49817"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-49817 (GCVE-0-2022-49817)

Vulnerability from cvelistv5

fkie_cve-2022-49817

Vulnerability from fkie_nvd

ghsa-vxf7-8458-rq8x

Vulnerability from github

Tags

Sightings

Nomenclature