CVE-2022-49455

EUVD-2022-54774
In the Linux kernel, the following vulnerability has been resolved:

misc: ocxl: fix possible double free in ocxl_file_register_afu

info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.

Fix this by adding free_minor() and return to err_unregister error path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.2 ≤
𝑥
< 5.4.198
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.121
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.46
linuxlinux_kernel
5.16 ≤
𝑥
< 5.17.14
linuxlinux_kernel
5.18 ≤
𝑥
< 5.18.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
sid
6.12.16-1
fixed
trixie
6.12.12-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
dlm-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
gfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-64kb
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-default
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-default-base
suse enterprise server 15 SP3
5.3.18-150300.59.201.1.150300.18.120.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1.150400.24.78.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1.150500.6.47.1
fixed
kernel-docs
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-macros
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-obs-build
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-preempt
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
kernel-source
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-syms
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
kernel-zfcpdump
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
ocfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
reiserfs-kmp-default
suse enterprise server 15 SP3
5.3.18-150300.59.201.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.158.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.100.1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/252768d32e92c1214aeebb5fec0844ca479bcf5c
https://git.kernel.org/stable/c/8fb674216835e1f0c143762696d645facebb4685
https://git.kernel.org/stable/c/950cf957fe34d40d63dfa3bf3968210430b6491e
https://git.kernel.org/stable/c/9e9087cf34ee69f4e95d146ac29385d6e367a97b
https://git.kernel.org/stable/c/de65c32ace9aa70d51facc61ba986607075e3a25
https://git.kernel.org/stable/c/ee89d8dee55ab4b3b8ad8b70866b2841ba334767