CVE-2022-49508

In the Linux kernel, the following vulnerability has been resolved:

HID: elan: Fix potential double free in elan_input_configured

'input' is a managed resource allocated with devm_input_allocate_device(),
so there is no need to call input_free_device() explicitly or
there will be a double free.

According to the doc of devm_input_allocate_device():
 * Managed input devices do not need to be explicitly unregistered or
 * freed as it will be done automatically when owner device unbinds from
 * its driver (or binding fails).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
linuxlinux_kernel
4.17 ≤
𝑥
< 4.19.247
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.198
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.121
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.46
linuxlinux_kernel
5.16 ≤
𝑥
< 5.17.14
linuxlinux_kernel
5.18 ≤
𝑥
< 5.18.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6
https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47
https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38
https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3
https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd
https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90
https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08