{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49959","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.383Z","datePublished":"2025-06-18T11:00:20.749Z","dateUpdated":"2026-05-11T19:09:59.282Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:09:59.282Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix memory leak at failed datapath creation\n\novs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()\nallocates array via kmalloc.\nIf for some reason new_vport() fails during ovs_dp_cmd_new()\ndp->upcall_portids must be freed.\nAdd missing kfree.\n\nKmemleak example:\nunreferenced object 0xffff88800c382500 (size 64):\n  comm \"dump_state\", pid 323, jiffies 4294955418 (age 104.347s)\n  hex dump (first 32 bytes):\n    5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff  ^.y..z8..!8.....\n    03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00  ............(...\n  backtrace:\n    [<0000000071bebc9f>] ovs_dp_set_upcall_portids+0x38/0xa0\n    [<000000000187d8bd>] ovs_dp_change+0x63/0xe0\n    [<000000002397e446>] ovs_dp_cmd_new+0x1f0/0x380\n    [<00000000aa06f36e>] genl_family_rcv_msg_doit+0xea/0x150\n    [<000000008f583bc4>] genl_rcv_msg+0xdc/0x1e0\n    [<00000000fa10e377>] netlink_rcv_skb+0x50/0x100\n    [<000000004959cece>] genl_rcv+0x24/0x40\n    [<000000004699ac7f>] netlink_unicast+0x23e/0x360\n    [<00000000c153573e>] netlink_sendmsg+0x24e/0x4b0\n    [<000000006f4aa380>] sock_sendmsg+0x62/0x70\n    [<00000000d0068654>] ____sys_sendmsg+0x230/0x270\n    [<0000000012dacf7d>] ___sys_sendmsg+0x88/0xd0\n    [<0000000011776020>] __sys_sendmsg+0x59/0xa0\n    [<000000002e8f2dc1>] do_syscall_64+0x3b/0x90\n    [<000000003243e7cb>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/openvswitch/datapath.c"],"versions":[{"version":"b83d23a2a38b1770da0491257ae81d52307f7816","lessThan":"ca54b2bfaab385778e55a9fd33f6c31e7f743b48","status":"affected","versionType":"git"},{"version":"b83d23a2a38b1770da0491257ae81d52307f7816","lessThan":"c0c1c0241917459644326a1a3102207c871ae159","status":"affected","versionType":"git"},{"version":"b83d23a2a38b1770da0491257ae81d52307f7816","lessThan":"a87406f4adee9c53b311d8a1ba2849c69e29a6d0","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/openvswitch/datapath.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.66","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.8","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.66"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.19.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ca54b2bfaab385778e55a9fd33f6c31e7f743b48"},{"url":"https://git.kernel.org/stable/c/c0c1c0241917459644326a1a3102207c871ae159"},{"url":"https://git.kernel.org/stable/c/a87406f4adee9c53b311d8a1ba2849c69e29a6d0"}],"title":"openvswitch: fix memory leak at failed datapath creation","x_generator":{"engine":"bippy-1.2.0"}}}}