CVE-2022-49741

Source
https://cve.org/CVERecord?id=CVE-2022-49741
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49741.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49741
Published
2025-03-27T16:42:52.994Z
Modified
2026-04-11T12:44:26.955621Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
fbdev: smscufx: fix error handling code in ufx_usb_probe
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: fix error handling code in ufx_usb_probe

The current error handling code in ufx_usb_probe has many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release, fb_dealloc_cmap only matches fb_alloc_cmap.

My local syzkaller reports a memory leak bug:

memory leak in ufx_usb_probe

BUG: memory leak
unreferenced object 0xffff88802f879580 (size 128):
  comm "kworker/0:7", pid 17416, jiffies 4295067474 (age 46.710s)
  hex dump (first 32 bytes):
    80 21 7c 2e 80 88 ff ff 18 d0 d0 0c 80 88 ff ff  .!|.............
    00 d0 d0 0c 80 88 ff ff e0 ff ff ff 0f 00 00 00  ................
  backtrace:
    [<ffffffff814c99a0>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045
    [<ffffffff824d219c>] kmalloc include/linux/slab.h:553 [inline]
    [<ffffffff824d219c>] kzalloc include/linux/slab.h:689 [inline]
    [<ffffffff824d219c>] ufx_alloc_urb_list drivers/video/fbdev/smscufx.c:1873 [inline]
    [<ffffffff824d219c>] ufx_usb_probe+0x11c/0x15a0 drivers/video/fbdev/smscufx.c:1655
    [<ffffffff82d17927>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<ffffffff82712f0d>] call_driver_probe drivers/base/dd.c:560 [inline]
    [<ffffffff82712f0d>] really_probe+0x12d/0x390 drivers/base/dd.c:639
    [<ffffffff8271322f>] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778
    [<ffffffff827132da>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:808
    [<ffffffff82713c27>] __device_attach_driver+0xf7/0x150 drivers/base/dd.c:936
    [<ffffffff82710137>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
    [<ffffffff827136b5>] __device_attach+0x105/0x2d0 drivers/base/dd.c:1008
    [<ffffffff82711d36>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
    [<ffffffff8270e242>] device_add+0x642/0xdc0 drivers/base/core.c:3517
    [<ffffffff82d14d5f>] usb_set_configuration+0x8ef/0xb80 drivers/usb/core/message.c:2170
    [<ffffffff82d2576c>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<ffffffff82d16ffc>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<ffffffff82712f0d>] call_driver_probe drivers/base/dd.c:560 [inline]
    [<ffffffff82712f0d>] really_probe+0x12d/0x390 drivers/base/dd.c:639
    [<ffffffff8271322f>] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778

Fix this bug by rewriting the error handling code in ufx_usb_probe.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49741.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5385af2f89bc352fb70753ab41b2bb036190141f
Fixed
3b3d3127f5b4291ae4caaf50f7b66089ad600480
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d9ddfeb01fb95ffbbc7031d46a5ee2a5e45cbb86
Fixed
3931014367ef31d26af65386a4ca496f50f0cfdf
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cc6a7249842fceda7574ceb63275a2d5e99d2862
Fixed
64fa364ad3245508d393e16ed4886f92d7eb423c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cc67482c9e5f2c80d62f623bcc347c29f9f648e1
Fixed
1b4c08844628dfc8d72d3f51b657f2a5e63b7b4b
Fixed
b76449ee75e21acfe9fa4c653d8598f191ed7d68
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6f2075ea883e5d7730d0c9ebb1bb8e7a1a7e953f
Last affected
3f40852d671072836fb7ae331a1f28a24223c4e8
Last affected
70faf9d9b6cc74418716bbf76fe75bd2da10ad4a
Last affected
8d924b262f3178a9b17c17d4306a9f426c508bd9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49741.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.4.232
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.168
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.93
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.11

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49741.json"