CVE-2022-49370

firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add() If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix this issue by calling kobject_put().

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725 patch
https://git.kernel.org/stable/c/ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef patch
https://git.kernel.org/stable/c/c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d patch
https://git.kernel.org/stable/c/a724634b2a49f6ff0177a9e19a5a92fc1545e1b7 patch
https://git.kernel.org/stable/c/985706bd3bbeffc8737bc05965ca8d24837bc7db patch
https://git.kernel.org/stable/c/fdffa4ad8f6bf1ece877edfb807f2b2c729d8578 patch
https://git.kernel.org/stable/c/3ba359ebe914ac3f8c6c832b28007c14c39d3766 patch
https://git.kernel.org/stable/c/ec752973aa721ee281d5441e497364637c626c7b patch
https://git.kernel.org/stable/c/660ba678f9998aca6db74f2dd912fa5124f0fa31 patch

Frequently Asked Questions

What is the severity of CVE-2022-49370?
CVE-2022-49370 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49370?
To fix CVE-2022-49370, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49370 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49370 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49370?
CVE-2022-49370 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.