CVE-2022-49028

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak")

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a	Patch
https://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181	Patch
https://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2	Patch
https://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::

History

24 Oct 2024, 15:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.1:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc5:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
CWE		CWE-459
References	~~() https://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a -~~	() https://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a - Patch
References	~~() https://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181 -~~	() https://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181 - Patch
References	~~() https://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2 -~~	() https://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2 - Patch
References	~~() https://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d -~~	() https://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d - Patch

23 Oct 2024, 15:12

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ixgbevf: Se solucionó la pérdida de recursos en ixgbevf_init_module() ixgbevf_init_module() no destruirá la cola de trabajo creada por create_singlethread_workqueue() cuando pci_register_driver() falló. Agregue destroy_workqueue() en la ruta de error para evitar la pérdida de recursos. Similar al manejo de u132_hcd_init en el commit f276e002793c ("usb: u132-hcd: fix resource leak")

21 Oct 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-21 20:15

Updated : 2024-10-24 15:51

NVD link : CVE-2022-49028

Mitre link : CVE-2022-49028

CVE.ORG link : CVE-2022-49028

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-459

Incomplete Cleanup

5.5 /10