CVE-2022-49713

March 11, 2025, 10:29 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we should call usb_put_hcd to free it when platform_get_resource() fails to prevent memory leak. goto error2 label instead error1 to fix this.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 5.19

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 5.19 rc1 / / / / / /
o linux linux_kernel 5.19 rc2 / / / / / /

References

https://git.kernel.org/stable/c/3755278f078460b021cd0384562977bf2039a57a
https://git.kernel.org/stable/c/52bfcedbfd5bf962dbdcb6e761f4d0dd3ba26dfd
https://git.kernel.org/stable/c/6506aff2dc2f7059aa3d45ee2e8639b25e87090f
https://git.kernel.org/stable/c/701d8ec01e0f229d4db6f43d3d64ee479120cbeb
https://git.kernel.org/stable/c/84e6d0af87e27bbc0db94f2e7323b34abe17b6e5
https://git.kernel.org/stable/c/981ee40649e5fd9550f82db1fbb3bfab037da346
https://git.kernel.org/stable/c/a44a8a762f7fe9ad3c065813d058e835a6180cb2

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-401
2025-02-26
CVE-2022-49713

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Date

  • Published: Feb. 26, 2025, 7:01 a.m.
  • Last Modified: March 11, 2025, 10:29 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.