PT-2025-13283 · Linux+3 · Linux Kernel+3

Published 2025-03-27 · Updated 2025-05-29 · CVE-2022-49741

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A memory leak bug has been identified in the Linux kernel, specifically in the `ufx_usb_probe` function. The error handling code in this function has several issues, including a missing call to `ufx_free_usb_list` and incorrect matching of `fb_alloc_cmap` and `fb_dealloc_cmap`. This bug can cause a memory leak, as reported by syzkaller. The leak occurs when the `kmalloc_trace` function is called, leading to an unreferenced object.

Recommendations

To resolve this issue, the error handling code in `ufx_usb_probe` should be rewritten to fix the memory leak bug. This can be achieved by properly handling the allocation and deallocation of memory in `ufx_usb_probe`, ensuring that all allocated memory is freed in case of an error.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
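
The error-path pattern described above can be checked with fault injection. The following is an added example, not code from the kernel or from this advisory: a user-space model in which all function names, the four resources and their acquisition order are assumptions. It fails each probe step in turn and counts what a failed probe leaves behind.

```c
#include <stdio.h>
/* User-space model with hypothetical names; not the kernel driver's code. */
enum { DEV, URB_LIST, FB_INFO, CMAP, NRES };
static int live[NRES], bad_release; /* held flags; releases of never-held resources */
static int acquire(int r, int fail_at) { if (r == fail_at) return -1; live[r] = 1; return 0; }
static void release(int r) { if (!live[r]) bad_release++; live[r] = 0; }
/* Flawed shape: one shared label, list never freed, cmap always released. */
static int probe_leaky(int fail_at) {
    if (acquire(DEV, fail_at)) return -1;
    if (acquire(URB_LIST, fail_at)) goto error;
    if (acquire(FB_INFO, fail_at)) goto error;
    if (acquire(CMAP, fail_at)) goto error;
    if (fail_at == NRES) goto error;  /* a later step fails after all allocations */
    return 0;
error: release(CMAP); release(FB_INFO); release(DEV);
    return -1;
}

/* Corrected shape: one label per resource, released in reverse order. */
static int probe_unwound(int fail_at) {
    if (acquire(DEV, fail_at)) return -1;
    if (acquire(URB_LIST, fail_at)) goto put_dev;
    if (acquire(FB_INFO, fail_at)) goto free_list;
    if (acquire(CMAP, fail_at)) goto release_fb;
    if (fail_at == NRES) goto dealloc_cmap;
    return 0;
dealloc_cmap: release(CMAP);
release_fb:   release(FB_INFO);
free_list:    release(URB_LIST);
put_dev:      release(DEV);
    return -1;
}

/* Fail every step in turn; return how many objects failed probes left held. */
static int audit(int (*probe)(int), int *mismatched) {
    int leaked = bad_release = 0;
    for (int f = 0; f <= NRES; f++) {
        for (int r = 0; r < NRES; r++) live[r] = 0;
        probe(f);  /* every f in 0..NRES makes the probe fail */
        for (int r = 0; r < NRES; r++) leaked += live[r];
    }
    *mismatched = bad_release;
    return leaked;
}

int main(void) {
    int m1, m2, l1 = audit(probe_leaky, &m1), l2 = audit(probe_unwound, &m2);
    printf("leaky: leaked=%d mismatched=%d; unwound: leaked=%d mismatched=%d\n", l1, m1, l2, m2);
    return 0;
}
```

The same approach applies to real drivers through the kernel's fault-injection and kmemleak facilities, which is how leaks of this kind are typically surfaced by fuzzers such as syzkaller.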

Exploit

Memory Leak


Weakness Enumeration

Related Identifiers

BDU:2025-06293
CVE-2022-49741
OPENSUSE-SU-2025_01620-1
OPENSUSE-SU-2025_01627-1
OPENSUSE-SU-2025_01640-1
SUSE-SU-2025:01620-1
SUSE-SU-2025:01627-1
SUSE-SU-2025:01640-1
SUSE-SU-2025:1573-1
SUSE-SU-2025_01620-1
SUSE-SU-2025_01627-1

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE