CVE-2022-49924

nfc: fdp: Fix potential memory leak in fdp_nci_send()

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdp_nci_send() fdp_nci_send() will call fdp_nci_i2c_write that will not free skb in the function. As a result, when fdp_nci_i2c_write() finished, the skb will memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write() finished.

References

Link	Tags
https://git.kernel.org/stable/c/e8c11ee2d07f7c4dfa2ac0ea8efc4f627e58ea57	patch
https://git.kernel.org/stable/c/44bc1868a4f542502ea2221fe5ad88ca66d1c6b6	patch
https://git.kernel.org/stable/c/1a7a898f8f7b56c0eaa2baf67a0c96235a30bc29	patch
https://git.kernel.org/stable/c/8e4aae6b8ca76afb1fb64dcb24be44ba814e7f8a	patch

Frequently Asked Questions

What is the severity of CVE-2022-49924?: CVE-2022-49924 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49924?: To fix CVE-2022-49924, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49924 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-49924 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49924?: CVE-2022-49924 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions