cve-2022-49926
Vulnerability from cvelistv5
Published
2025-05-01 14:11
Modified
2025-05-04 08:48
Severity ?
EPSS score ?
Summary
net: dsa: Fix possible memory leaks in dsa_loop_init()
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/dsa_loop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "935b4beb724946a37cebf97191592d4879d3a3a3",
"status": "affected",
"version": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"versionType": "git"
},
{
"lessThan": "d593e1ede655b74c42e4e4fe285ea64aee96fb5c",
"status": "affected",
"version": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"versionType": "git"
},
{
"lessThan": "bbc5d7b46a729bfcbb5544f6612b7a67dd4f4d6f",
"status": "affected",
"version": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"versionType": "git"
},
{
"lessThan": "37a098fc9b42bd7fce66764866aa514639667b6e",
"status": "affected",
"version": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"versionType": "git"
},
{
"lessThan": "9f555b1584fc2d5d16ee3c4d9438e93ac7c502c7",
"status": "affected",
"version": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"versionType": "git"
},
{
"lessThan": "4d2024b138d9f7b02ae13ee997fd3a71e9e46254",
"status": "affected",
"version": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"versionType": "git"
},
{
"lessThan": "633efc8b3dc96f56f5a57f2a49764853a2fa3f50",
"status": "affected",
"version": "98cd1552ea27e512c7e99e2aa76042a26e4fb25c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/dsa_loop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.265",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.299",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.265",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.224",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.154",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.78",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.8",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Fix possible memory leaks in dsa_loop_init()\n\nkmemleak reported memory leaks in dsa_loop_init():\n\nkmemleak: 12 new suspected memory leaks\n\nunreferenced object 0xffff8880138ce000 (size 2048):\n comm \"modprobe\", pid 390, jiffies 4295040478 (age 238.976s)\n backtrace:\n [\u003c000000006a94f1d5\u003e] kmalloc_trace+0x26/0x60\n [\u003c00000000a9c44622\u003e] phy_device_create+0x5d/0x970\n [\u003c00000000d0ee2afc\u003e] get_phy_device+0xf3/0x2b0\n [\u003c00000000dca0c71f\u003e] __fixed_phy_register.part.0+0x92/0x4e0\n [\u003c000000008a834798\u003e] fixed_phy_register+0x84/0xb0\n [\u003c0000000055223fcb\u003e] dsa_loop_init+0xa9/0x116 [dsa_loop]\n ...\n\nThere are two reasons for memleak in dsa_loop_init().\n\nFirst, fixed_phy_register() create and register phy_device:\n\nfixed_phy_register()\n get_phy_device()\n phy_device_create() # freed by phy_device_free()\n phy_device_register() # freed by phy_device_remove()\n\nBut fixed_phy_unregister() only calls phy_device_remove().\nSo the memory allocated in phy_device_create() is leaked.\n\nSecond, when mdio_driver_register() fail in dsa_loop_init(),\nit just returns and there is no cleanup for phydevs.\n\nFix the problems by catching the error of mdio_driver_register()\nin dsa_loop_init(), then calling both fixed_phy_unregister() and\nphy_device_free() to release phydevs.\nAlso add a function for phydevs cleanup to avoid duplacate."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:48:56.154Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/935b4beb724946a37cebf97191592d4879d3a3a3"
},
{
"url": "https://git.kernel.org/stable/c/d593e1ede655b74c42e4e4fe285ea64aee96fb5c"
},
{
"url": "https://git.kernel.org/stable/c/bbc5d7b46a729bfcbb5544f6612b7a67dd4f4d6f"
},
{
"url": "https://git.kernel.org/stable/c/37a098fc9b42bd7fce66764866aa514639667b6e"
},
{
"url": "https://git.kernel.org/stable/c/9f555b1584fc2d5d16ee3c4d9438e93ac7c502c7"
},
{
"url": "https://git.kernel.org/stable/c/4d2024b138d9f7b02ae13ee997fd3a71e9e46254"
},
{
"url": "https://git.kernel.org/stable/c/633efc8b3dc96f56f5a57f2a49764853a2fa3f50"
}
],
"title": "net: dsa: Fix possible memory leaks in dsa_loop_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49926",
"datePublished": "2025-05-01T14:11:04.691Z",
"dateReserved": "2025-05-01T14:05:17.253Z",
"dateUpdated": "2025-05-04T08:48:56.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49926\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:18.440\",\"lastModified\":\"2025-05-02T13:52:51.693\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: dsa: Fix possible memory leaks in dsa_loop_init()\\n\\nkmemleak reported memory leaks in dsa_loop_init():\\n\\nkmemleak: 12 new suspected memory leaks\\n\\nunreferenced object 0xffff8880138ce000 (size 2048):\\n comm \\\"modprobe\\\", pid 390, jiffies 4295040478 (age 238.976s)\\n backtrace:\\n [\u003c000000006a94f1d5\u003e] kmalloc_trace+0x26/0x60\\n [\u003c00000000a9c44622\u003e] phy_device_create+0x5d/0x970\\n [\u003c00000000d0ee2afc\u003e] get_phy_device+0xf3/0x2b0\\n [\u003c00000000dca0c71f\u003e] __fixed_phy_register.part.0+0x92/0x4e0\\n [\u003c000000008a834798\u003e] fixed_phy_register+0x84/0xb0\\n [\u003c0000000055223fcb\u003e] dsa_loop_init+0xa9/0x116 [dsa_loop]\\n ...\\n\\nThere are two reasons for memleak in dsa_loop_init().\\n\\nFirst, fixed_phy_register() create and register phy_device:\\n\\nfixed_phy_register()\\n get_phy_device()\\n phy_device_create() # freed by phy_device_free()\\n phy_device_register() # freed by phy_device_remove()\\n\\nBut fixed_phy_unregister() only calls phy_device_remove().\\nSo the memory allocated in phy_device_create() is leaked.\\n\\nSecond, when mdio_driver_register() fail in dsa_loop_init(),\\nit just returns and there is no cleanup for phydevs.\\n\\nFix the problems by catching the error of mdio_driver_register()\\nin dsa_loop_init(), then calling both fixed_phy_unregister() and\\nphy_device_free() to release phydevs.\\nAlso add a function for phydevs cleanup to avoid duplacate.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: Se corrigen posibles fugas de memoria en dsa_loop_init() kmemleak inform\u00f3 de fugas de memoria en dsa_loop_init(): kmemleak: 12 nuevas fugas de memoria sospechosas objeto no referenciado 0xffff8880138ce000 (tama\u00f1o 2048): comm \\\"modprobe\\\", pid 390, jiffies 4295040478 (edad 238,976 s) backtrace: [\u0026lt;000000006a94f1d5\u0026gt;] kmalloc_trace+0x26/0x60 [\u0026lt;00000000a9c44622\u0026gt;] phy_device_create+0x5d/0x970 [\u0026lt;00000000d0ee2afc\u0026gt;] Hay dos razones para la p\u00e9rdida de memoria en dsa_loop_init(). Primero, fixed_phy_register() crea y registra phy_device: fixed_phy_register() get_phy_device() phy_device_create() # liberado por phy_device_free() phy_device_register() # liberado por phy_device_remove() Pero fixed_phy_unregister() solo llama a phy_device_remove(). Por lo tanto, la memoria asignada en phy_device_create() se filtra. Segundo, cuando mdio_driver_register() falla en dsa_loop_init(), simplemente regresa y no hay limpieza para phydevs. Solucione los problemas capturando el error de mdio_driver_register() en dsa_loop_init(), luego llame a fixed_phy_unregister() y phy_device_free() para liberar phydevs. Tambi\u00e9n agregue una funci\u00f3n para la limpieza de phydevs para evitar la duplicaci\u00f3n.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/37a098fc9b42bd7fce66764866aa514639667b6e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4d2024b138d9f7b02ae13ee997fd3a71e9e46254\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/633efc8b3dc96f56f5a57f2a49764853a2fa3f50\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/935b4beb724946a37cebf97191592d4879d3a3a3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9f555b1584fc2d5d16ee3c4d9438e93ac7c502c7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bbc5d7b46a729bfcbb5544f6612b7a67dd4f4d6f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d593e1ede655b74c42e4e4fe285ea64aee96fb5c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.