PT-2025-18604 · Linux+2 · Linux Kernel+2

Published

2025-05-01

Updated

2025-07-10

CVE-2022-49887

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A possible refcount leak in the vdec probe() function has been resolved. The issue occurs when vdec probe fails or vdec remove is called, and v4l2 device unregister is not called to put the refcount obtained by v4l2 device register.

Recommendations To resolve the issue, ensure that v4l2 device unregister is called when vdec probe fails or vdec remove is called to properly put the refcount obtained by v4l2 device register. As a temporary workaround, consider reviewing the code to ensure that the refcount is properly handled in the vdec probe function and when vdec remove is called.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-49887

SUSE-SU-2025:01918-1

SUSE-SU-2025:01966-1

SUSE-SU-2025:01982-1

SUSE-SU-2025:01995-1

SUSE-SU-2025:02173-1

SUSE-SU-2025:02262-1

SUSE-SU-2025:2173-1

SUSE-SU-2025_01982-1

SUSE-SU-2025_02173-1

SUSE-SU-2025_02262-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-18604 · Linux+2 · Linux Kernel+2

CVE-2022-49887

Related Identifiers

Affected Products

References · 546