CVE-2022-49896
- Source
- https://cve.org/CVERecord?id=CVE-2022-49896
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49896.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49896
- Downstream
- Published
- 2025-05-01T14:10:38.336Z
- Modified
- 2026-03-12T03:25:55.576672Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cxl/pmem: Fix cxlpmemregion and cxl_memdev leak
When a cxlnvdimm object goes through a ->remove() event (device physically removed, nvdimm-bridge disabled, or nvdimm device disabled), then any associated regions must also be disabled. As highlighted by the cxl-create-region.sh test [1], a single device may host multiple regions, but the driver was only tracking one region at a time. This leads to a situation where only the last enabled region per nvdimm device is cleaned up properly. Other regions are leaked, and this also causes cxlmemdev reference leaks.
Fix the tracking by allowing cxl_nvdimm objects to track multiple region associations.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49896.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/4d07ae22e79ebc2d7528bbc69daa53b86981cb3a
- https://git.kernel.org/stable/c/f43b6bfdbab78606735ba81185cf0602b81e40b6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49896.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49896