CVE-2022-49024

MEDIUM EPSS 14.3%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥5.11  –  <5.15.82
linuxlinux_kernel*≥5.16  –  <6.0.12
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656
    Patch