cve-2022-49653
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 12:45
Severity ?
EPSS score ?
Summary
i2c: piix4: Fix a memory leak in the EFCH MMIO support
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-piix4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d2bf1a6480e8d44658a8ac3bdcec081238873212",
"status": "affected",
"version": "4b965566ca26e83553d92b8c57050e5d59911806",
"versionType": "git"
},
{
"lessThan": "a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19",
"status": "affected",
"version": "7c148722d074c29fb998578eea5de3c14b9608c9",
"versionType": "git"
},
{
"lessThan": "8ad59b397f86a4d8014966fdc0552095a0c4fb2b",
"status": "affected",
"version": "7c148722d074c29fb998578eea5de3c14b9608c9",
"versionType": "git"
},
{
"status": "affected",
"version": "f48190bca4b1a397f2e050efea2c8e8e72049ec8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-piix4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "5.15.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.11",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: piix4: Fix a memory leak in the EFCH MMIO support\n\nThe recently added support for EFCH MMIO regions introduced a memory\nleak in that code path. The leak is caused by the fact that\nrelease_resource() merely removes the resource from the tree but does\nnot free its memory. We need to call release_mem_region() instead,\nwhich does free the memory. As a nice side effect, this brings back\nsome symmetry between the legacy and MMIO paths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:45:03.594Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d2bf1a6480e8d44658a8ac3bdcec081238873212"
},
{
"url": "https://git.kernel.org/stable/c/a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19"
},
{
"url": "https://git.kernel.org/stable/c/8ad59b397f86a4d8014966fdc0552095a0c4fb2b"
}
],
"title": "i2c: piix4: Fix a memory leak in the EFCH MMIO support",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49653",
"datePublished": "2025-02-26T02:23:54.484Z",
"dateReserved": "2025-02-26T02:21:30.433Z",
"dateUpdated": "2025-05-04T12:45:03.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49653\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:40.420\",\"lastModified\":\"2025-03-11T22:25:05.953\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ni2c: piix4: Fix a memory leak in the EFCH MMIO support\\n\\nThe recently added support for EFCH MMIO regions introduced a memory\\nleak in that code path. The leak is caused by the fact that\\nrelease_resource() merely removes the resource from the tree but does\\nnot free its memory. We need to call release_mem_region() instead,\\nwhich does free the memory. As a nice side effect, this brings back\\nsome symmetry between the legacy and MMIO paths.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: piix4: Se corrige una p\u00e9rdida de memoria en el soporte EFCH MMIO El soporte recientemente agregado para regiones EFCH MMIO introdujo una p\u00e9rdida de memoria en esa ruta de c\u00f3digo. La p\u00e9rdida se debe al hecho de que release_resource() simplemente elimina el recurso del \u00e1rbol pero no libera su memoria. En su lugar, debemos llamar a release_mem_region(), que libera la memoria. Como un buen efecto secundario, esto recupera cierta simetr\u00eda entre las rutas heredadas y MMIO.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.42\",\"versionEndExcluding\":\"5.15.54\",\"matchCriteriaId\":\"06B4215D-581E-4AA1-AD85-5EEEB80BE75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.17.10\",\"versionEndExcluding\":\"5.18.11\",\"matchCriteriaId\":\"6580DB44-FFFF-48BD-84AD-350A42266201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C30C2D-F82D-4D37-AB48-D76ABFBD5377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8547FC-C849-4F1B-804B-A93AE2F04A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3068028-F453-4A1C-B80F-3F5609ACEF60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9C0DB0-D349-489F-A3D6-B77214E93A8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A0DE3B7-0FFB-45AA-9BD6-19870CA7C6FD\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/8ad59b397f86a4d8014966fdc0552095a0c4fb2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d2bf1a6480e8d44658a8ac3bdcec081238873212\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.