CVE-2022-49549

x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails

Description

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fails, the previously allocated threshold banks array @bp will be leaked because the call to mce_threshold_remove_device() will not free it. This happens because mce_threshold_remove_device() fetches the pointer through the threshold_banks per-CPU variable but bp is written there only after the bank creation is successful, and not before, when threshold_create_bank() fails. Add a helper which unwinds all the bank creation work previously done and pass into it the previously allocated threshold banks array for freeing. [ bp: Massage. ]

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b4acb8e7f1594607bc9017ef0aacb40b24a003d6 patch
https://git.kernel.org/stable/c/cc0dd4456f9573bf8af9b4d8754433918e809e1e patch
https://git.kernel.org/stable/c/9708f1956eeb70c86943e0bc62fa3b0101b59616 patch
https://git.kernel.org/stable/c/396b8e7ab2a99ddac57d3522b3da5e58cb608d37 patch
https://git.kernel.org/stable/c/e5f28623ceb103e13fc3d7bd45edf9818b227fd0 patch

Frequently Asked Questions

What is the severity of CVE-2022-49549?
CVE-2022-49549 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49549?
To fix CVE-2022-49549, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49549 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49549 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49549?
CVE-2022-49549 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.