CVE-2022-49653

26.02.2025, 07:01

In the Linux kernel, the following vulnerability has been resolved:

i2c: piix4: Fix a memory leak in the EFCH MMIO support

The recently added support for EFCH MMIO regions introduced a memory
leak in that code path. The leak is caused by the fact that
release_resource() merely removes the resource from the tree but does
not free its memory. We need to call release_mem_region() instead,
which does free the memory. As a nice side effect, this brings back
some symmetry between the legacy and MMIO paths.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Vendor	Product	Version
linux	linux_kernel	5.15.42 ≤ 𝑥 < 5.15.54
linux	linux_kernel	5.17.10 ≤ 𝑥 < 5.18.11
linux	linux_kernel	5.19:rc1
linux	linux_kernel	5.19:rc2
linux	linux_kernel	5.19:rc3
linux	linux_kernel	5.19:rc4
linux	linux_kernel	5.19:rc5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.234-1 fixed
bookworm	6.1.123-1 fixed
bookworm (security)	6.1.128-1 fixed
trixie	6.12.12-1 fixed
sid	6.12.16-1 fixed

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References

https://git.kernel.org/stable/c/8ad59b397f86a4d8014966fdc0552095a0c4fb2b

https://git.kernel.org/stable/c/a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19

https://git.kernel.org/stable/c/d2bf1a6480e8d44658a8ac3bdcec081238873212