CVE-2022-49817 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak. This patch calls free_netdev() to fix it since netdev_priv is used after unregister.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff
https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927
https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4
https://lore.kernel.org/linux-cve-announce/2025050132-CVE-2022-49817-0a77@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49817
https://www.cve.org/CVERecord?id=CVE-2022-49817

History

Sat, 07 Jun 2025 03:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 02 May 2025 14:00:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025050132-CVE-2022-49817-0a77@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49817 https://www.cve.org/CVERecord?id=CVE-2022-49817
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 01 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak. This patch calls free_netdev() to fix it since netdev_priv is used after unregister.
Title		net: mhi: Fix memory leak in mhi_net_dellink()
References		https://git.kernel.org/stable/c/25a270343b0f16e1f6e65f541a15975a35e238ff https://git.kernel.org/stable/c/88da008e5e2f9753726ea5a51ef2eb144e9de927 https://git.kernel.org/stable/c/f7c125bd79f50ec6094761090be81d02726ec6f4

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-05-01T14:09:40.325Z

Updated: 2025-05-04T08:45:57.391Z

Reserved: 2025-05-01T14:05:17.227Z

Link: CVE-2022-49817

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-05-01T15:16:05.103

Modified: 2025-05-02T13:53:20.943

Link: CVE-2022-49817

Redhat

Severity : Moderate

Publid Date: 2025-05-01T00:00:00Z

Links: CVE-2022-49817 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object