CVE-2022-49190

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.

Vendor	Product	Versions
Linux	Linux	affected `ebff7d8f270d045338d9f4796014f4db429a17f9 - < 3379a60f6bb4afcd9c456e340ac525ae649d3ce7` affected `ebff7d8f270d045338d9f4796014f4db429a17f9 - < a9e88c2618d228d7a4e7e515cf30dc0d0d813f27` affected `ebff7d8f270d045338d9f4796014f4db429a17f9 - < d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8` affected `ebff7d8f270d045338d9f4796014f4db429a17f9 - < ab86020070999e758ce2e60c4348f20bf7ddba56` affected `ebff7d8f270d045338d9f4796014f4db429a17f9 - < 0cbcc92917c5de80f15c24d033566539ad696892`
Linux	Linux	affected `3.10` unaffected `0 - < 3.10` unaffected `5.10.237 - <= 5.10.` unaffected `5.15.33 - <= 5.15.` unaffected `5.16.19 - <= 5.16.*` +2 more versions

References

https://git.kernel.org/stable/c/3379a60f6bb4afcd9c456e340ac525ae649d3ce7

https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27

https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8

https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56

https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49190

Description

Affected Products

References