Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2022-49926— net: dsa: Fix possible memory leaks in dsa_loop_init()

AI Predicted 5.5 Difficulty: Theoretical EPSS 0.15% · P4

Affected Version Matrix 16

VendorProductVersion RangeStatus
LinuxLinux98cd1552ea27e512c7e99e2aa76042a26e4fb25c< 935b4beb724946a37cebf97191592d4879d3a3a3affected
98cd1552ea27e512c7e99e2aa76042a26e4fb25c< d593e1ede655b74c42e4e4fe285ea64aee96fb5caffected
98cd1552ea27e512c7e99e2aa76042a26e4fb25c< bbc5d7b46a729bfcbb5544f6612b7a67dd4f4d6faffected
98cd1552ea27e512c7e99e2aa76042a26e4fb25c< 37a098fc9b42bd7fce66764866aa514639667b6eaffected
98cd1552ea27e512c7e99e2aa76042a26e4fb25c< 9f555b1584fc2d5d16ee3c4d9438e93ac7c502c7affected
98cd1552ea27e512c7e99e2aa76042a26e4fb25c< 4d2024b138d9f7b02ae13ee997fd3a71e9e46254affected
98cd1552ea27e512c7e99e2aa76042a26e4fb25c< 633efc8b3dc96f56f5a57f2a49764853a2fa3f50affected
4.12affected
… +8 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-49926

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net: dsa: Fix possible memory leaks in dsa_loop_init()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Fix possible memory leaks in dsa_loop_init() kmemleak reported memory leaks in dsa_loop_init(): kmemleak: 12 new suspected memory leaks unreferenced object 0xffff8880138ce000 (size 2048): comm "modprobe", pid 390, jiffies 4295040478 (age 238.976s) backtrace: [<000000006a94f1d5>] kmalloc_trace+0x26/0x60 [<00000000a9c44622>] phy_device_create+0x5d/0x970 [<00000000d0ee2afc>] get_phy_device+0xf3/0x2b0 [<00000000dca0c71f>] __fixed_phy_register.part.0+0x92/0x4e0 [<000000008a834798>] fixed_phy_register+0x84/0xb0 [<0000000055223fcb>] dsa_loop_init+0xa9/0x116 [dsa_loop] ... There are two reasons for memleak in dsa_loop_init(). First, fixed_phy_register() create and register phy_device: fixed_phy_register() get_phy_device() phy_device_create() # freed by phy_device_free() phy_device_register() # freed by phy_device_remove() But fixed_phy_unregister() only calls phy_device_remove(). So the memory allocated in phy_device_create() is leaked. Second, when mdio_driver_register() fail in dsa_loop_init(), it just returns and there is no cleanup for phydevs. Fix the problems by catching the error of mdio_driver_register() in dsa_loop_init(), then calling both fixed_phy_unregister() and phy_device_free() to release phydevs. Also add a function for phydevs cleanup to avoid duplacate.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于dsa_loop_init内存泄漏,可能导致资源耗尽。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 98cd1552ea27e512c7e99e2aa76042a26e4fb25c ~ 935b4beb724946a37cebf97191592d4879d3a3a3 -
LinuxLinux 4.12 -

II. Public POCs for CVE-2022-49926

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-49926

登录查看更多情报信息。

Patches & Fixes for CVE-2022-49926 (7)

Same Patch Batch · Linux · 2025-05-01 · 245 CVEs total

CVE-2022-49852riscv: process: fix kernel info leakage
CVE-2022-49836siox: fix possible memory leak in siox_device_add()
CVE-2022-49837bpf: Fix memory leaks in __check_func_call
CVE-2022-49838sctp: clear out_curr if all frag chunks of current msg are pruned
CVE-2022-49840bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
CVE-2022-49839scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
CVE-2022-49841serial: imx: Add missing .thaw_noirq hook
CVE-2022-49842ASoC: core: Fix use-after-free in snd_soc_exit()
CVE-2022-49844can: dev: fix skb drop check
CVE-2022-49845can: j1939: j1939_send_one(): fix missing CAN header initialization
CVE-2022-49846udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
CVE-2022-49847net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload
CVE-2022-49849btrfs: fix match incorrectly in dev_args_match_device
CVE-2022-49848phy: qcom-qmp-combo: fix NULL-deref on runtime resume
CVE-2022-49850nilfs2: fix deadlock in nilfs_count_free_blocks()
CVE-2022-49851riscv: fix reserved memory setup
CVE-2022-49863can: af_can: fix NULL pointer dereference in can_rx_register()
CVE-2022-49862tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
CVE-2022-49864drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
CVE-2022-49861dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()

Showing top 20 of 245 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-49926

No comments yet

Leave a comment