CVE-2022-49657

usbnet: fix memory leak in error case

Description

In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3eed421ca5c809da93456f69203d164d5220be3d patch
https://git.kernel.org/stable/c/5269209f54dd8dfd15f9383f3a3a1fe8370764f8 patch
https://git.kernel.org/stable/c/d5165e657987ff4ba0ace896d4376a3718a9fbc3 patch
https://git.kernel.org/stable/c/04894ab34faf40ab72a8a5ab5b404bb0606bbbff patch
https://git.kernel.org/stable/c/0085da9df3dced730027923a6b48f58e9016af91 patch
https://git.kernel.org/stable/c/db89582ff330556188da856e01382ccbf3a5e706 patch
https://git.kernel.org/stable/c/e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b patch
https://git.kernel.org/stable/c/b55a21b764c1e182014630fa5486d717484ac58f patch

Frequently Asked Questions

What is the severity of CVE-2022-49657?
CVE-2022-49657 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49657?
To fix CVE-2022-49657, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49657 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49657 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49657?
CVE-2022-49657 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.