CVE-2022-49312

staging: rtl8712: fix a potential memory leak in r871xu_drv_init()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix a potential memory leak in r871xu_drv_init() In r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory
allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not
properly released as there is no action will be performed by
r8712_usb_dvobj_deinit().
To properly release it, we should call r8712_free_io_queue() in
r8712_usb_dvobj_deinit(). Besides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called
by r871x_dev_unload() under condition `padapter->bup` and
r8712_free_io_queue() is called by r8712_free_drv_sw().
However, r8712_usb_dvobj_deinit() does not rely on `padapter->bup` and
calling r8712_free_io_queue() in r8712_free_drv_sw() is negative for
better understading the code.
So I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove
r8712_free_io_queue() from r8712_free_drv_sw().

*Credits: N/A

CVSS Scores

CISAv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2026-04-19 EPSS Updated
2026-05-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5a89a92efc342dd7c44b6056da87debc598f9c73	2022-06-14
https://git.kernel.org/stable/c/8eb42d6d10f8fe509117859defddf9e72b4fa4d0	2022-06-14
https://git.kernel.org/stable/c/205e039fead72e87ad2838f5e649a4c4834f648b	2022-06-14
https://git.kernel.org/stable/c/a2882b8baad068d21c99fb2ab5a85a2bdbd5b834	2022-06-14
https://git.kernel.org/stable/c/7288ff561de650d4139fab80e9cb0da9b5b32434	2022-04-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.10.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.10.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.15.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.15.47"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.17.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.17.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.18.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.18.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.19"		en		Affected