CVE-2022-49468

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the thermal cooling device register() function. The leak occurs when device register() fails, and thermal cooling device destroy sysfs() is not called to free the allocated memory. This issue was discovered during a fault injection test, which revealed an unreferenced object. The backtrace indicates that the memory allocation occurs in kmalloc order trace() and kmalloc(), and the leak is caused by the failure to call thermal cooling device destroy sysfs() to free the memory.

Recommendations To resolve this issue, ensure that thermal cooling device destroy sysfs() is called when device register() fails to free the allocated memory. As a temporary workaround, consider reviewing the code to ensure proper memory management in the thermal cooling device register() function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.