CVE-2022-49893

In the Linux kernel, the following vulnerability has been resolved:

cxl/region: Fix cxl_region leak, cleanup targets at region delete

When a region is deleted any targets that have been previously assigned
to that region hold references to it. Trigger those references to
drop by detaching all targets at unregister_region() time.

Otherwise that region object will leak as userspace has lost the ability
to detach targets once region sysfs is torn down.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
linuxlinux_kernel
6.0 ≤
𝑥
< 6.0.8
linuxlinux_kernel
6.1:rc1
linuxlinux_kernel
6.1:rc2
linuxlinux_kernel
6.1:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.135-1
fixed
trixie
6.12.22-1
fixed
sid
6.12.25-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0d9e734018d70cecf79e2e4c6082167160a0f13f
https://git.kernel.org/stable/c/45d9fb4b758b9d602ee7776eb6754b0349946aad