CVE-2022-49981
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/06/2025
Last modified: 14/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

HID: hidraw: fix memory leak in hidraw_release()

Free the buffered reports before deleting the list entry.

```
BUG: memory leak
unreferenced object 0xffff88810e72f180 (size 32):
comm "softirq", pid 0, jiffies 4294945143 (age 16.080s)
hex dump (first 32 bytes):
64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] kmemdup+0x23/0x50 mm/util.c:128
[] kmemdup include/linux/fortify-string.h:440 [inline]
[] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521
[] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992
[] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065
[] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284
[] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670
[] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747
[] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
[] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474
[] expire_timers kernel/time/timer.c:1519 [inline]
[] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790
[] __run_timers kernel/time/timer.c:1768 [inline]
[] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803
[] __do_softirq+0xe6/0x2ea kernel/softirq.c:571
[] invoke_softirq kernel/softirq.c:445 [inline]
[] __irq_exit_rcu kernel/softirq.c:650 [inline]
[] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662
[] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106
[] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
[] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
[] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
[] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
[] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554
```
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.24 (including) | 4.9.327 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.14.292 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.257 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.212 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.141 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.65 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.19.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1bea0bbf66001b0c7bf239a4d70eaf47824d3feb
- https://git.kernel.org/stable/c/52a3c62a815161c2dcf38ac421f6c41d8679462b
- https://git.kernel.org/stable/c/53c7c4d5d40b45c127cb1193bf3e9670f844c3cf
- https://git.kernel.org/stable/c/7e2fa79226580b035b00260d9f240ab9bda4af5d
- https://git.kernel.org/stable/c/a5623a203cffe2d2b84d2f6c989d9017db1856af
- https://git.kernel.org/stable/c/c06b013f5cbfeafe0a9cfa5a7128604c34e0e517
- https://git.kernel.org/stable/c/dfd27a737283313a3e626e97b9d9b2d8d6a94188
- https://git.kernel.org/stable/c/f5b7e9611cffec345d62d5bdd8b6e30e89956818



