{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49830", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.228Z", "datePublished": "2025-05-01T14:09:48.918Z", "dateUpdated": "2025-05-04T08:46:25.368Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:46:25.368Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drv: Fix potential memory leak in drm_dev_init()\n\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won't be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won't be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\n\nunreferenced object 0xffff88810bc0c800 (size 2048):\n comm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\n hex dump (first 32 bytes):\n e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<.............\n backtrace:\n [<000000007251f72d>] __kmalloc+0x4b/0x1c0\n [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0\n [<000000004452a479>] platform_device_register_full+0x24/0x1c0\n [<0000000089f4ea61>] 0xffffffffa0736051\n [<00000000235b2441>] do_one_initcall+0x7a/0x380\n [<0000000001a4a177>] do_init_module+0x5c/0x230\n [<000000002bf8a8e2>] load_module+0x227d/0x2420\n [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140\n [<00000000c99fc324>] do_syscall_64+0x3f/0x90\n [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/drm_drv.c"], "versions": [{"version": "2cbf7fc6718b9443ecd6261308c6348d8ffcccae", "lessThan": "c47a823ea186263ab69cfb665327b7f72cb5e779", "status": "affected", "versionType": "git"}, {"version": "2cbf7fc6718b9443ecd6261308c6348d8ffcccae", "lessThan": "07e56de8766fe5be67252596244b84ac0ec0de91", "status": "affected", "versionType": "git"}, {"version": "2cbf7fc6718b9443ecd6261308c6348d8ffcccae", "lessThan": "bd8d1335e6e70a396094ef98913b513140c0b86b", "status": "affected", "versionType": "git"}, {"version": "2cbf7fc6718b9443ecd6261308c6348d8ffcccae", "lessThan": "ff963634f7b2e0dc011349abb3fb81a0d074f443", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/drm_drv.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.156", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.80", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.10", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.10.156"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.15.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c47a823ea186263ab69cfb665327b7f72cb5e779"}, {"url": "https://git.kernel.org/stable/c/07e56de8766fe5be67252596244b84ac0ec0de91"}, {"url": "https://git.kernel.org/stable/c/bd8d1335e6e70a396094ef98913b513140c0b86b"}, {"url": "https://git.kernel.org/stable/c/ff963634f7b2e0dc011349abb3fb81a0d074f443"}], "title": "drm/drv: Fix potential memory leak in drm_dev_init()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BE6700E-DF20-41B4-AB3C-6375B309FA3C", "versionEndExcluding": "5.10.156", "versionStartIncluding": "5.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "51BBEF3B-79F5-4D4C-ADBA-F34DA0E2465C", "versionEndExcluding": "5.15.80", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "64F9ADD1-3ADB-4D66-A00F-4A83010B05F0", "versionEndExcluding": "6.0.10", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drv: Fix potential memory leak in drm_dev_init()\n\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won't be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won't be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\n\nunreferenced object 0xffff88810bc0c800 (size 2048):\n comm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\n hex dump (first 32 bytes):\n e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<.............\n backtrace:\n [<000000007251f72d>] __kmalloc+0x4b/0x1c0\n [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0\n [<000000004452a479>] platform_device_register_full+0x24/0x1c0\n [<0000000089f4ea61>] 0xffffffffa0736051\n [<00000000235b2441>] do_one_initcall+0x7a/0x380\n [<0000000001a4a177>] do_init_module+0x5c/0x230\n [<000000002bf8a8e2>] load_module+0x227d/0x2420\n [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140\n [<00000000c99fc324>] do_syscall_64+0x3f/0x90\n [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/drv: Se solucion\u00f3 una posible fuga de memoria en drm_dev_init(). drm_dev_init() a\u00f1adir\u00e1 drm_dev_init_release() como devoluci\u00f3n de llamada. Si drmm_add_action() falla, la funci\u00f3n de liberaci\u00f3n no se a\u00f1adir\u00e1. Como resultado, el valor de referencia a\u00f1adido por device_get() en drm_dev_init() no se incluir\u00e1 en drm_dev_init_release(), lo que provoca la fuga de memoria. Utilice drmm_add_action_or_reset() en lugar de drmm_add_action() para evitar la fuga de memoria. objeto sin referencia 0xffff88810bc0c800 (tama\u00f1o 2048): comm \"modprobe\", pid 8322, jiffies 4305809845 (antig\u00fcedad 15.292s) volcado hexadecimal (primeros 32 bytes): e8 cc c0 0b 81 88 ff ff ff ff ff ff ff 00 00 00 00 ................ 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $&lt;............. backtrace: [&lt;000000007251f72d&gt;] __kmalloc+0x4b/0x1c0 [&lt;0000000045f21f26&gt;] platform_device_alloc+0x2d/0xe0 [&lt;000000004452a479&gt;] platform_device_register_full+0x24/0x1c0 [&lt;0000000089f4ea61&gt;] 0xffffffffa0736051 [&lt;00000000235b2441&gt;] do_one_initcall+0x7a/0x380 [&lt;0000000001a4a177&gt;] do_init_module+0x5c/0x230 [&lt;000000002bf8a8e2&gt;] load_module+0x227d/0x2420 [&lt;00000000637d6d0a&gt;] __do_sys_finit_module+0xd5/0x140 [&lt;00000000c99fc324&gt;] do_syscall_64+0x3f/0x90 [&lt;000000004d85aa77&gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd "}], "id": "CVE-2022-49830", "lastModified": "2025-11-10T19:58:04.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-01T15:16:06.470", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07e56de8766fe5be67252596244b84ac0ec0de91"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bd8d1335e6e70a396094ef98913b513140c0b86b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c47a823ea186263ab69cfb665327b7f72cb5e779"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff963634f7b2e0dc011349abb3fb81a0d074f443"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/drv: Fix potential memory leak in drm_dev_init()", "id": "2363418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363418"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/drv: Fix potential memory leak in drm_dev_init()\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won't be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won't be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\nunreferenced object 0xffff88810bc0c800 (size 2048):\ncomm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\nhex dump (first 32 bytes):\ne8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<.............\nbacktrace:\n[<000000007251f72d>] __kmalloc+0x4b/0x1c0\n[<0000000045f21f26>] platform_device_alloc+0x2d/0xe0\n[<000000004452a479>] platform_device_register_full+0x24/0x1c0\n[<0000000089f4ea61>] 0xffffffffa0736051\n[<00000000235b2441>] do_one_initcall+0x7a/0x380\n[<0000000001a4a177>] do_init_module+0x5c/0x230\n[<000000002bf8a8e2>] load_module+0x227d/0x2420\n[<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140\n[<00000000c99fc324>] do_syscall_64+0x3f/0x90\n[<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"], "name": "CVE-2022-49830", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49830\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49830\nhttps://lore.kernel.org/linux-cve-announce/2025050136-CVE-2022-49830-70c0@gregkh/T"], "statement": "This patch fixes a potential memory leak in drm_dev_init() caused by failure in drmm_add_action(). If this call fails, the release function is not registered, and the reference count incremented by device_get() is never released \u2014 leading to a memory leak. Replacing drmm_add_action() with drmm_add_action_or_reset() ensures cleanup is triggered correctly on failure. Without the fix, failing to register a cleanup handler can result in unreferenced memory being leaked during device initialization, especially during module load via modprobe.", "threat_severity": "Low"}