Description

In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.

INFO

Published Date :

2025-02-26T01:55:37.629Z

Last Modified :

2025-11-03T19:27:48.713Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49190 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49190.

URL Resource
https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892 cve-icon cve-icon
https://git.kernel.org/stable/c/3379a60f6bb4afcd9c456e340ac525ae649d3ce7 cve-icon cve-icon
https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27 cve-icon cve-icon
https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56 cve-icon cve-icon
https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025022616-CVE-2022-49190-3c68@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49190 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49190 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact