PT-2025-8594 · Linux+2 · Linux Kernel+2

Rhett Aultman

Publicado

2022-07-04

Atualizado

2025-10-23

CVE-2022-49661

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the gs usb driver. The driver allocates USB request blocks (URBs) for RX using usb alloc coherent(), but fails to properly free them using usb kill anchored urbs(), resulting in a potential leak of DMA memory. This issue is similar to a previously identified memory leak in the esd usb2 driver. The fix involves explicitly freeing the RX URBs and their DMA memory via a call to usb free coherent() in the gs can close() function.

Recommendations For the Linux kernel, apply the patch that fixes the memory leak issue by explicitly freeing the RX URBs and their DMA memory via a call to usb free coherent() in the gs can close() function.

Exploit

Correção

Memory Leak

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401CWE-404

Identificadores relacionados

BDU:2026-03705

CVE-2022-49661

OESA-2025-1282

OPENSUSE-SU-2025_1263-1

SUSE-SU-2025:0834-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_0834-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Produtos afetados

Astra Linux

Linux Kernel

Suse

PT-2025-8594 · Linux+2 · Linux Kernel+2

CVE-2022-49661

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1530