{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49190","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T01:49:39.286Z","datePublished":"2025-02-26T01:55:37.629Z","dateUpdated":"2025-11-03T19:27:48.713Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:31:55.714Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/resource: fix kfree() of bootmem memory again\n\nSince commit ebff7d8f270d (\"mem hotunplug: fix kfree() of bootmem\nmemory\"), we could get a resource allocated during boot via\nalloc_resource().  And it's required to release the resource using\nfree_resource().  Howerver, many people use kfree directly which will\nresult in kernel BUG.  In order to fix this without fixing every call\nsite, just leak a couple of bytes in such corner case."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/resource.c"],"versions":[{"version":"ebff7d8f270d045338d9f4796014f4db429a17f9","lessThan":"3379a60f6bb4afcd9c456e340ac525ae649d3ce7","status":"affected","versionType":"git"},{"version":"ebff7d8f270d045338d9f4796014f4db429a17f9","lessThan":"a9e88c2618d228d7a4e7e515cf30dc0d0d813f27","status":"affected","versionType":"git"},{"version":"ebff7d8f270d045338d9f4796014f4db429a17f9","lessThan":"d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8","status":"affected","versionType":"git"},{"version":"ebff7d8f270d045338d9f4796014f4db429a17f9","lessThan":"ab86020070999e758ce2e60c4348f20bf7ddba56","status":"affected","versionType":"git"},{"version":"ebff7d8f270d045338d9f4796014f4db429a17f9","lessThan":"0cbcc92917c5de80f15c24d033566539ad696892","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/resource.c"],"versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","status":"unaffected","versionType":"semver"},{"version":"5.10.237","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.33","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.19","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17.2","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.15.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.16.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.17.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3379a60f6bb4afcd9c456e340ac525ae649d3ce7"},{"url":"https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27"},{"url":"https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8"},{"url":"https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56"},{"url":"https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892"}],"title":"kernel/resource: fix kfree() of bootmem memory again","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:27:48.713Z"}}]}}