5.5 CVE-2022-48863

Patch
 

In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsp_pipeline_build() dsp_pipeline_build() allocates dup pointer by kstrdup(cfg), but then it updates dup variable by strsep(&dup, "|"). As a result when it calls kfree(dup), the dup variable contains NULL. Found by Linux Driver Verification project (linuxtesting.org) with SVACE.
https://nvd.nist.gov/vuln/detail/CVE-2022-48863

Categories

CWE-401 : Missing Release of Memory after Effective Lifetime
This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 2.6.27 < 5.10.106
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.11 < 5.15.29
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.16 < 5.16.15


REMEDIATION


Patch

Url
https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f
https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b
https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb
https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5
https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f
https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b
https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb
https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry