CVE-2022-49896

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49896

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49896.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-49896

Related

UBUNTU-CVE-2022-49896

Published

2025-05-01T15:16:14Z

Modified

2025-05-07T13:19:15Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

cxl/pmem: Fix cxlpmemregion and cxl_memdev leak

When a cxlnvdimm object goes through a ->remove() event (device physically removed, nvdimm-bridge disabled, or nvdimm device disabled), then any associated regions must also be disabled. As highlighted by the cxl-create-region.sh test [1], a single device may host multiple regions, but the driver was only tracking one region at a time. This leads to a situation where only the last enabled region per nvdimm device is cleaned up properly. Other regions are leaked, and this also causes cxlmemdev reference leaks.

Fix the tracking by allowing cxl_nvdimm objects to track multiple region associations.

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}