CVE-2022-49455

misc: ocxl: fix possible double free in ocxl_file_register_afu

Description

In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible double free in ocxl_file_register_afu info_release() will be called in device_unregister() when info->dev's reference count is 0. So there is no need to call ocxl_afu_put() and kfree() again. Fix this by adding free_minor() and return to err_unregister error path.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/de65c32ace9aa70d51facc61ba986607075e3a25 patch
https://git.kernel.org/stable/c/ee89d8dee55ab4b3b8ad8b70866b2841ba334767 patch
https://git.kernel.org/stable/c/8fb674216835e1f0c143762696d645facebb4685 patch
https://git.kernel.org/stable/c/252768d32e92c1214aeebb5fec0844ca479bcf5c patch
https://git.kernel.org/stable/c/9e9087cf34ee69f4e95d146ac29385d6e367a97b patch
https://git.kernel.org/stable/c/950cf957fe34d40d63dfa3bf3968210430b6491e patch

Frequently Asked Questions

What is the severity of CVE-2022-49455?
CVE-2022-49455 has been scored as a high severity vulnerability.
How to fix CVE-2022-49455?
To fix CVE-2022-49455, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49455 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49455 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49455?
CVE-2022-49455 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.