medium
5.5
CWE
401
Advisory Published
Updated

CVE-2022-49190: kernel/resource: fix kfree() of bootmem memory again

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=3.10<5.15.33
Linux Kernel>=5.16<5.16.19
Linux Kernel>=5.17<5.17.2

Remedy

https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892

Remedy

https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27

Remedy

https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56

Remedy

https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-49190?

    CVE-2022-49190 has a severity rating that indicates it poses a potential risk to the stability of the Linux kernel.

  • How do I fix CVE-2022-49190?

    To mitigate CVE-2022-49190, update to the latest patched version of the Linux kernel that addresses this vulnerability.

  • Which versions of the Linux Kernel are affected by CVE-2022-49190?

    CVE-2022-49190 affects Linux Kernel versions from 3.10 up to 5.17.2 and specific versions in between.

  • What type of vulnerability is CVE-2022-49190?

    CVE-2022-49190 is a memory management vulnerability within the Linux kernel related to resource deallocation.

  • Is CVE-2022-49190 a remote exploit?

    CVE-2022-49190 does not specifically indicate it is a remote exploit, but it affects system stability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203