CVE-2022-49982
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to a memory leak in the Linux kernel when using the pvrusb2 media driver. Over time, this could cause increased memory usage and potentially degrade system performance or stability due to unreleased resources.
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's pvrusb2 media driver. Specifically, the error handling code in the function pvr2_hdw_create fails to unregister the v4l2 device, causing a reference count issue. When pvr2_hdw_create returns to pvr2_context_create, the context destruction function pvr2_context_destroy is called, but because the hardware pointer is NULL, the destruction function returns early without properly cleaning up. The fix involves adding a call to v4l2_device_unregister to properly decrease the USB interface's reference count and prevent the memory leak.
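A simplified userspace model of the error path described above, added here as an example; it is not the kernel's or the pvrusb2 driver's code. The struct names and the model_* and leaked_refs functions are hypothetical stand-ins, and the model assumes that registering the v4l2 device takes one reference on the USB interface, which the unregister call drops.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace stand-ins (hypothetical names), not the kernel's types. */
struct usb_intf { int refcount; };               /* the USB interface */
struct v4l2_dev { struct usb_intf *parent; };    /* the v4l2 device */
struct hdw { struct v4l2_dev v4l2_dev; };

/* Registering takes a reference on the parent device. */
static void model_v4l2_register(struct usb_intf *intf, struct v4l2_dev *vd)
{
    vd->parent = intf;
    intf->refcount++;
}

/* Unregistering drops that reference again. */
static void model_v4l2_unregister(struct v4l2_dev *vd)
{
    if (vd->parent)
        vd->parent->refcount--;
    vd->parent = NULL;
}

/* fail_late: a setup step fails after registration; fixed == 0 skips the unregister. */
static struct hdw *model_hdw_create(struct usb_intf *intf, int fail_late, int fixed)
{
    struct hdw *hdw = calloc(1, sizeof(*hdw));
    if (!hdw) return NULL;
    model_v4l2_register(intf, &hdw->v4l2_dev);
    if (!fail_late)
        return hdw;
    if (fixed)
        model_v4l2_unregister(&hdw->v4l2_dev);   /* the call the fix adds */
    free(hdw);
    return NULL;
}

/* References left on the interface after a failed create (-1 if create succeeded). */
static int leaked_refs(int fixed)
{
    struct usb_intf intf = { .refcount = 1 };    /* constructed baseline reference */
    struct hdw *hdw = model_hdw_create(&intf, 1, fixed);
    /* hdw is NULL here, so the caller's destroy step has nothing to clean up. */
    return hdw ? -1 : intf.refcount - 1;
}

int main(void)
{
    printf("leaked refs: buggy=%d fixed=%d\n", leaked_refs(0), leaked_refs(1));
    return 0;
}
```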