CVE-2022-49657

Опубликовано: 26 фев. 2025

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer

Отчет

The bug could happen on error path for some specific cases of network links over USB being used. It leads to memory leak only, so the security impact is limited.

Меры по смягчению последствий

To mitigate this issue, prevent module usbnet from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Affected
Red Hat Enterprise Linux 8	kernel-rt	Affected
Red Hat Enterprise Linux 9	kernel	Affected
Red Hat Enterprise Linux 9	kernel-rt	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-401

https://bugzilla.redhat.com/show_bug.cgi?id=2347707kernel: usbnet: fix memory leak in error case

EPSS

Процентиль: 9%

0.00033

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2022-49657

CVSS3: 5.5

ubuntu

10 месяцев назад

CVE-2022-49657

CVSS3: 5.5

nvd

10 месяцев назад

CVE-2022-49657

CVSS3: 5.5

debian

10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: u ...

GHSA-98w9-rphx-h82j

CVSS3: 5.5

github

9 месяцев назад

ELSA-2025-20518-0

oracle-oval

27 дней назад

ELSA-2025-20518-0: kernel security update (MODERATE)

EPSS

Процентиль: 9%

0.00033

Низкий

4.7 Medium

CVSS3