PT-2024-11885 · Linux+4 · Linux Kernel+4

Published

2022-11-23

·

Updated

2025-09-29

·

CVE-2022-49027

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A resource leak issue has been identified in the Linux kernel, specifically in the iavf init module() function. The function fails to destroy the workqueue when pci register driver() fails, leading to a resource leak. This issue is similar to a previously fixed resource leak in the u132 hcd init function. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the error handling in iavf init module(). As a temporary workaround, consider disabling the iavf init module() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation.

Exploit

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-1066
BDU:2025-04435
CVE-2022-49027
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_4131-1
SUSE-SU-2024:3983-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4100-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4364-1
SUSE-SU-2025:0034-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Red Os
Suse