CVE-2022-49855

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg ipc_pcie_read_bios_cfg() is using the acpi_evaluate_dsm() to obtain the wwan power state configuration from BIOS but is not freeing the acpi_object. The acpi_evaluate_dsm() returned acpi_object to be freed. Free the acpi_object after use.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/13b1ea861e8aeb701bcfbfe436b943efa2d44029	Patch
https://git.kernel.org/stable/c/7560ceef4d2832a67e8781d924e129c7f542376f	Patch
https://git.kernel.org/stable/c/d38a648d2d6cc7bee11c6f533ff9426a00c2a74c	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::

History

07 May 2025, 13:31

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.1:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-401
References	~~() https://git.kernel.org/stable/c/13b1ea861e8aeb701bcfbfe436b943efa2d44029 -~~	() https://git.kernel.org/stable/c/13b1ea861e8aeb701bcfbfe436b943efa2d44029 - Patch
References	~~() https://git.kernel.org/stable/c/7560ceef4d2832a67e8781d924e129c7f542376f -~~	() https://git.kernel.org/stable/c/7560ceef4d2832a67e8781d924e129c7f542376f - Patch
References	~~() https://git.kernel.org/stable/c/d38a648d2d6cc7bee11c6f533ff9426a00c2a74c -~~	() https://git.kernel.org/stable/c/d38a648d2d6cc7bee11c6f533ff9426a00c2a74c - Patch

02 May 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: iosm: se corrige la pérdida de memoria en ipc_pcie_read_bios_cfg. ipc_pcie_read_bios_cfg() utiliza acpi_evaluate_dsm() para obtener la configuración del estado de energía de wwan desde la BIOS, pero no libera acpi_object. Acpi_evaluate_dsm() devolvió acpi_object para su liberación. Libere acpi_object después de su uso.

01 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 15:16

Updated : 2025-05-07 13:31

NVD link : CVE-2022-49855

Mitre link : CVE-2022-49855

CVE.ORG link : CVE-2022-49855

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10