CVE-2022-49231

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: rtw88: fix memory overrun and memory leak during hw_scan Previously we allocated less memory than actual required, overwrite to the buffer causes the mm module to complaint and raise access violation faults. Along with potential memory leaks when returned early. Fix these by passing the correct size and proper deinit flow.

References

Link	Resource
https://git.kernel.org/stable/c/d95984b5580dcb8b1c0036577c52b609990a1dab	Patch
https://git.kernel.org/stable/c/ec5da191bfcd5fd22b95459b623694f66c1cc10b	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

18 Mar 2025, 19:26

Type	Values Removed	Values Added
CWE		CWE-401
References	~~() https://git.kernel.org/stable/c/d95984b5580dcb8b1c0036577c52b609990a1dab -~~	() https://git.kernel.org/stable/c/d95984b5580dcb8b1c0036577c52b609990a1dab - Patch
References	~~() https://git.kernel.org/stable/c/ec5da191bfcd5fd22b95459b623694f66c1cc10b -~~	() https://git.kernel.org/stable/c/ec5da191bfcd5fd22b95459b623694f66c1cc10b - Patch
First Time		Linux Linux linux Kernel
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rtw88: se corrige el desbordamiento de memoria y la pérdida de memoria durante hw_scan Anteriormente, asignábamos menos memoria de la que realmente se requería, la sobrescritura en el búfer hace que el módulo mm se queje y genere fallos de violación de acceso. Junto con posibles pérdidas de memoria cuando se devuelve antes. Solucione estos problemas pasando el tamaño correcto y el flujo de deinit adecuado.
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-10-01 20:15

NVD link : CVE-2022-49231

Mitre link : CVE-2022-49231

CVE.ORG link : CVE-2022-49231

JSON object : View

Products Affected

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2022-49231", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:00.130", "references": [{"url": "https://git.kernel.org/stable/c/d95984b5580dcb8b1c0036577c52b609990a1dab", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ec5da191bfcd5fd22b95459b623694f66c1cc10b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw88: fix memory overrun and memory leak during hw_scan\n\nPreviously we allocated less memory than actual required, overwrite\nto the buffer causes the mm module to complaint and raise access\nviolation faults. Along with potential memory leaks when returned\nearly. Fix these by passing the correct size and proper deinit flow."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rtw88: se corrige el desbordamiento de memoria y la p\u00e9rdida de memoria durante hw_scan Anteriormente, asign\u00e1bamos menos memoria de la que realmente se requer\u00eda, la sobrescritura en el b\u00fafer hace que el m\u00f3dulo mm se queje y genere fallos de violaci\u00f3n de acceso. Junto con posibles p\u00e9rdidas de memoria cuando se devuelve antes. Solucione estos problemas pasando el tama\u00f1o correcto y el flujo de deinit adecuado."}], "lastModified": "2025-10-01T20:15:58.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF", "versionEndExcluding": "5.17.2", "versionStartIncluding": "5.17"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}