PT-2025-18510 · Linux+2 · Linux Kernel+2

Published

2022-10-24

Updated

2025-07-10

CVE-2022-49793

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A possible memory leak has been identified in the Linux kernel, specifically in the iio sysfs trig init() function. The dev set name() function allocates memory for the name, which needs to be freed when device add() fails. The put device() function is called to release the reference held in device initialize(), allowing it to be freed in kobject cleanup() when the refcount reaches 0. A fault injection test can trigger this issue, resulting in an unreferenced object.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2026-03981

CVE-2022-49793

SUSE-SU-2025:01918-1

SUSE-SU-2025:01966-1

SUSE-SU-2025:01982-1

SUSE-SU-2025:01995-1

SUSE-SU-2025:02173-1

SUSE-SU-2025:02262-1

SUSE-SU-2025:2173-1

SUSE-SU-2025_01982-1

SUSE-SU-2025_02173-1

SUSE-SU-2025_02262-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-18510 · Linux+2 · Linux Kernel+2

CVE-2022-49793

Weakness Enumeration

Related Identifiers

Affected Products

References · 557