CVE-2022-49981

MEDIUM EPSS 10.6%
Published Jun 18, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jun 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leak unreferenced object 0xffff88810e72f180 (size 32): comm "softirq", pid 0, jiffies 4294945143 (age 16.080s) hex dump (first 32 bytes): 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff814ac6c3>] kmemdup+0x23/0x50 mm/util.c:128 [<ffffffff8357c1d2>] kmemdup include/linux/fortify-string.h:440 [inline] [<ffffffff8357c1d2>] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521 [<ffffffff8356ddad>] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992 [<ffffffff8356e41e>] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065 [<ffffffff835f0d3f>] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284 [<ffffffff82d3c7f9>] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670 [<ffffffff82d3cc26>] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747 [<ffffffff82ef1e14>] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988 [<ffffffff812f50a8>] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474 [<ffffffff812f5586>] expire_timers kernel/time/timer.c:1519 [inline] [<ffffffff812f5586>] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790 [<ffffffff812f56e4>] __run_timers kernel/time/timer.c:1768 [inline] [<ffffffff812f56e4>] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803 [<ffffffff848000e6>] __do_softirq+0xe6/0x2ea kernel/softirq.c:571 [<ffffffff81246db0>] invoke_softirq kernel/softirq.c:445 [inline] [<ffffffff81246db0>] __irq_exit_rcu kernel/softirq.c:650 [inline] [<ffffffff81246db0>] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662 [<ffffffff84574f02>] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106 [<ffffffff84600c8b>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649 [<ffffffff8458a070>] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] [<ffffffff8458a070>] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] [<ffffffff8458a070>] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline] [<ffffffff8458a070>] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥2.6.24  –  <4.9.327
linuxlinux_kernel*≥4.10  –  <4.14.292
linuxlinux_kernel*≥4.15  –  <4.19.257
linuxlinux_kernel*≥4.20  –  <5.4.212
linuxlinux_kernel*≥5.5  –  <5.10.141
linuxlinux_kernel*≥5.11  –  <5.15.65
linuxlinux_kernel*≥5.16  –  <5.19.7
linuxlinux_kernel6.0any
linuxlinux_kernel6.0any
linuxlinux_kernel6.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/1bea0bbf66001b0c7bf239a4d70eaf47824d3feb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/52a3c62a815161c2dcf38ac421f6c41d8679462b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53c7c4d5d40b45c127cb1193bf3e9670f844c3cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e2fa79226580b035b00260d9f240ab9bda4af5d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a5623a203cffe2d2b84d2f6c989d9017db1856af
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c06b013f5cbfeafe0a9cfa5a7128604c34e0e517
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfd27a737283313a3e626e97b9d9b2d8d6a94188
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f5b7e9611cffec345d62d5bdd8b6e30e89956818
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1bea0bbf66001b0c7bf239a4d70eaf47824d3feb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/52a3c62a815161c2dcf38ac421f6c41d8679462b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53c7c4d5d40b45c127cb1193bf3e9670f844c3cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e2fa79226580b035b00260d9f240ab9bda4af5d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a5623a203cffe2d2b84d2f6c989d9017db1856af
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c06b013f5cbfeafe0a9cfa5a7128604c34e0e517
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfd27a737283313a3e626e97b9d9b2d8d6a94188
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f5b7e9611cffec345d62d5bdd8b6e30e89956818
    Patch