CVE-2022-49190
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49190
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49190.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49190
- Downstream
- Related
- Published
- 2025-02-26T07:00:56Z
- Modified
- 2025-08-09T20:01:27Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
kernel/resource: fix kfree() of bootmem memory again
Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via allocresource(). And it's required to release the resource using freeresource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.
- References
-
- https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892
- https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27
- https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56
- https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8
- https://git.kernel.org/stable/c/3379a60f6bb4afcd9c456e340ac525ae649d3ce7