CVE-2022-49403

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49403

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49403.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-49403

Downstream

DEBIAN-CVE-2022-49403

UBUNTU-CVE-2022-49403

Published

2025-02-26T02:12:29Z

Modified

2025-10-21T10:04:07.028378Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

lib/string_helpers: fix not adding strarray to device's resource list

Details

In the Linux kernel, the following vulnerability has been resolved:

lib/string_helpers: fix not adding strarray to device's resource list

Add allocated strarray to device's resource list. This is a must to automatically release strarray when the device disappears.

Without this fix we have a memory leak in the few drivers which use devmkasprintfstrarray().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

acdb89b6c87a2d7b5c48a82756e6f5c6f599f60a

Fixed

a152eb42fcecfe41239c3c6695342f3a128593e7

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

acdb89b6c87a2d7b5c48a82756e6f5c6f599f60a

Fixed

bf29edab0c9ff3d2633b8306a67d04c357e2a385

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

acdb89b6c87a2d7b5c48a82756e6f5c6f599f60a

Fixed

cd290a9839cee2f6641558877e707bd373c8f6f1

Affected versions

v5.*

v5.16

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

v5.17.10

v5.17.11

v5.17.12

v5.17.13

v5.17.2

v5.17.3

v5.17.4

v5.17.5

v5.17.6

v5.17.7

v5.17.8

v5.17.9

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.18.1

v5.18.2

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "178171364568231820881862564422203376044",
                "300964924223747695439033413047412002259",
                "185269031227277490705571030422044865540"
            ]
        },
        "target": {
            "file": "lib/string_helpers.c"
        },
        "id": "CVE-2022-49403-0257d1ea",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a152eb42fcecfe41239c3c6695342f3a128593e7",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "32619199112824444790304624553398951479",
            "length": 362.0
        },
        "target": {
            "function": "devm_kasprintf_strarray",
            "file": "lib/string_helpers.c"
        },
        "id": "CVE-2022-49403-83e8b869",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a152eb42fcecfe41239c3c6695342f3a128593e7",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "32619199112824444790304624553398951479",
            "length": 362.0
        },
        "target": {
            "function": "devm_kasprintf_strarray",
            "file": "lib/string_helpers.c"
        },
        "id": "CVE-2022-49403-8d4d4742",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf29edab0c9ff3d2633b8306a67d04c357e2a385",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "178171364568231820881862564422203376044",
                "300964924223747695439033413047412002259",
                "185269031227277490705571030422044865540"
            ]
        },
        "target": {
            "file": "lib/string_helpers.c"
        },
        "id": "CVE-2022-49403-b0f1a6d8",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bf29edab0c9ff3d2633b8306a67d04c357e2a385",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "32619199112824444790304624553398951479",
            "length": 362.0
        },
        "target": {
            "function": "devm_kasprintf_strarray",
            "file": "lib/string_helpers.c"
        },
        "id": "CVE-2022-49403-bc99c75f",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd290a9839cee2f6641558877e707bd373c8f6f1",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "178171364568231820881862564422203376044",
                "300964924223747695439033413047412002259",
                "185269031227277490705571030422044865540"
            ]
        },
        "target": {
            "file": "lib/string_helpers.c"
        },
        "id": "CVE-2022-49403-dea9ab29",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd290a9839cee2f6641558877e707bd373c8f6f1",
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

5.17.14

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

5.18.3