CVE-2022-48995

Source
https://cve.org/CVERecord?id=CVE-2022-48995
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48995.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48995
Published
2024-10-21T20:06:11.482Z
Modified
2026-04-11T11:56:35.823035Z
Summary
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
Details

In the Linux kernel, the following vulnerability has been resolved:

Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()

There is a kmemleak when testing the raydium_i2c_ts with bpf mock device:

unreferenced object 0xffff88812d3675a0 (size 8):
  comm "python3", pid 349, jiffies 4294741067 (age 95.695s)
  hex dump (first 8 bytes):
    11 0e 10 c0 01 00 04 00  ........
  backtrace:
    [<0000000068427125>] __kmalloc+0x46/0x1b0
    [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]
    [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]
    [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]
    [<00000000a310de16>] i2c_device_probe+0x651/0x680
    [<00000000f5a96bf3>] really_probe+0x17c/0x3f0
    [<00000000096ba499>] __driver_probe_device+0xe3/0x170
    [<00000000c5acb4d9>] driver_probe_device+0x49/0x120
    [<00000000264fe082>] __device_attach_driver+0xf7/0x150
    [<00000000f919423c>] bus_for_each_drv+0x114/0x180
    [<00000000e067feca>] __device_attach+0x1e5/0x2d0
    [<0000000054301fc2>] bus_probe_device+0x126/0x140
    [<00000000aad93b22>] device_add+0x810/0x1130
    [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0
    [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110
    [<00000000ffec4177>] of_i2c_notify+0x100/0x160
unreferenced object 0xffff88812d3675c8 (size 8):
  comm "python3", pid 349, jiffies 4294741070 (age 95.692s)
  hex dump (first 8 bytes):
    22 00 36 2d 81 88 ff ff  ".6-....
  backtrace:
    [<0000000068427125>] __kmalloc+0x46/0x1b0
    [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]
    [<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]
    [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]
    [<00000000a310de16>] i2c_device_probe+0x651/0x680
    [<00000000f5a96bf3>] really_probe+0x17c/0x3f0
    [<00000000096ba499>] __driver_probe_device+0xe3/0x170
    [<00000000c5acb4d9>] driver_probe_device+0x49/0x120
    [<00000000264fe082>] __device_attach_driver+0xf7/0x150
    [<00000000f919423c>] bus_for_each_drv+0x114/0x180
    [<00000000e067feca>] __device_attach+0x1e5/0x2d0
    [<0000000054301fc2>] bus_probe_device+0x126/0x140
    [<00000000aad93b22>] device_add+0x810/0x1130
    [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0
    [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110
    [<00000000ffec4177>] of_i2c_notify+0x100/0x160

After the BANK_SWITCH command from i2c BUS, no matter whether success or error happened, the tx_buf should be freed.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48995.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2a
Fixed
a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61
Fixed
53b9b1201e34ccc895971218559123625c56fbcd
Fixed
097c1c7a28e3da8f2811ba532be6e81faab15aab
Fixed
8c9a59939deb4bfafdc451100c03d1e848b4169b

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48995.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.10.0
Fixed
5.10.158
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.82
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48995.json"