CVE-2022-49729

nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought a patch might be needed here as well. Currently usb_submit_urb is called directly to submit deferred tx urbs after unanchor them. So the usb_giveback_urb_bh would failed to unref it in usb_unanchor_urb and cause memory leak. Put those urbs in tx_anchor to avoid the leak, and also fix the error handling.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1eb0afecfb9cd0f38424b82bd9aaa542310934ee patch
https://git.kernel.org/stable/c/f21f908347712b8288ffe83b531b5e977042b29c patch
https://git.kernel.org/stable/c/3e7c7df6991ac349f2fa8540047757df666e610f patch
https://git.kernel.org/stable/c/6b4d8b44e7163a77fe942f5b80e1651c1b78c537 patch
https://git.kernel.org/stable/c/0eeec1a8b0cd38c47edeb042980a6aeacecf35ed patch
https://git.kernel.org/stable/c/6616872cfe7f0474a22dd1f12699f95bcf81a54d patch
https://git.kernel.org/stable/c/3eadc560c1919b8193d17334145dad9a917960e4 patch
https://git.kernel.org/stable/c/8a4d480702b71184fabcf379b80bf7539716752e patch

Frequently Asked Questions

What is the severity of CVE-2022-49729?
CVE-2022-49729 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49729?
To fix CVE-2022-49729, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49729 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49729 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49729?
CVE-2022-49729 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.