CVE-2022-49671

RDMA/cm: Fix memory leak in ib_cm_insert_listen

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ib_cm_insert_listen cm_alloc_id_priv() allocates resource for the cm_id_priv. When cm_init_listen() fails it doesn't free it, leading to memory leak. Add the missing error unwind.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b0cab8b517aeaf2592c3479294f934209c41a26f patch
https://git.kernel.org/stable/c/889000874c1204e47c7f2a4945db262a47e7efc9 patch
https://git.kernel.org/stable/c/2febf09a8a8ae4accf908f043f1bab1421056568 patch
https://git.kernel.org/stable/c/2990f223ffa7bb25422956b9f79f9176a5b38346 patch

Frequently Asked Questions

What is the severity of CVE-2022-49671?
CVE-2022-49671 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49671?
To fix CVE-2022-49671, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49671 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49671 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49671?
CVE-2022-49671 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.