CVE-2022-49331

nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/593773088d615a46a42c97e01a0550d192bb7f74 patch
https://git.kernel.org/stable/c/d221ce54ce331c1a23be71eebf57f6a088632383 patch
https://git.kernel.org/stable/c/6fce324b530dd74750ad870699e33eeed1029ded patch
https://git.kernel.org/stable/c/3eca2c42daa4659965db6817479027cbc6df7899 patch
https://git.kernel.org/stable/c/54423649bc0ed464b75807a7cf2857a5871f738f patch
https://git.kernel.org/stable/c/f444ecd3f57f4ba5090fe8b6756933e37de4226e patch
https://git.kernel.org/stable/c/db836b97464d44340b568e041fd24602858713f7 patch
https://git.kernel.org/stable/c/55904086041ba4ee4070187b36590f8f8d6df4cd patch
https://git.kernel.org/stable/c/996419e0594abb311fb958553809f24f38e7abbe patch

Frequently Asked Questions

What is the severity of CVE-2022-49331?
CVE-2022-49331 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49331?
To fix CVE-2022-49331, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49331 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49331 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49331?
CVE-2022-49331 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.