CVE-2022-49906

MEDIUM EPSS 5.3%
Published May 1, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset success Free the rwi structure in the event that the last rwi in the list processed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic: retry reset if there are no other resets") introduces an issue that results in a 32 byte memory leak whenever the last rwi in the list gets processed.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.14  –  <5.15.78
linuxlinux_kernel*≥5.16  –  <6.0.8
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/535b78739ae75f257c894a05b1afa86ad9a3669e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3543a287cfba9105dcc4bb41eb817f51266caaf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6dd2fe71153f0ff748bf188bd4af076fe09a0a6
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/535b78739ae75f257c894a05b1afa86ad9a3669e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3543a287cfba9105dcc4bb41eb817f51266caaf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6dd2fe71153f0ff748bf188bd4af076fe09a0a6
    Patch