PT-2025-8594 · Linux+2 · Linux Kernel+2

Rhett Aultman

Published

2022-07-04

Updated

2025-10-23

CVE-2022-49661

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the gs usb driver. The driver allocates USB request blocks (URBs) for RX using usb alloc coherent(), but fails to properly free them using usb kill anchored urbs(), resulting in a potential leak of DMA memory. This issue is similar to a previously identified memory leak in the esd usb2 driver. The fix involves explicitly freeing the RX URBs and their DMA memory via a call to usb free coherent() in the gs can close() function.

Recommendations For the Linux kernel, apply the patch that fixes the memory leak issue by explicitly freeing the RX URBs and their DMA memory via a call to usb free coherent() in the gs can close() function.

Exploit

Fix

Memory Leak

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-404

Related Identifiers

BDU:2026-03705

CVE-2022-49661

OESA-2025-1282

OPENSUSE-SU-2025_1263-1

SUSE-SU-2025:0834-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_0834-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8594 · Linux+2 · Linux Kernel+2

CVE-2022-49661

Weakness Enumeration

Related Identifiers

Affected Products

References · 1530