CVE-2022-49949

Published: Jun 18, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register(). This data needs to be freed in fw_dev_release(). Create a new fw_upload_free() function in sysfs_upload.c to handle the firmware-upload specific memory frees and incorporate the missing kfree call for the fw_upload structure.

Vendor	Product	Versions
Linux	Linux	affected `97730bbb242cde22b7140acd202ffd88823886c9 - < baf92485d111be828e1ab84a995515b604b938e5` affected `97730bbb242cde22b7140acd202ffd88823886c9 - < 789bba82f63c3e81dce426ba457fc7905b30ac6e`
Linux	Linux	affected `5.19` unaffected `0 - < 5.19` unaffected `5.19.8 - <= 5.19.` unaffected `6.0 - <= `

References

https://git.kernel.org/stable/c/baf92485d111be828e1ab84a995515b604b938e5

https://git.kernel.org/stable/c/789bba82f63c3e81dce426ba457fc7905b30ac6e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49949

Description

Affected Products

References