1. Home
  2. Vulnerabilities
  3. CVE-2022-49661
5.5
MEDIUM CVSS 3.1
CVE-2022-49661
can: gs_usb: gs_usb_open/close(): fix memory leak
Description

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_open/close(): fix memory leak The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver. This commit is an adaptation of the techniques found in the esd_usb2 driver where a similar design pattern led to a memory leak. It explicitly frees the RX URBs and their DMA memory via a call to usb_free_coherent(). Since the RX URBs were allocated in the gs_can_open(), we remove them in gs_can_close() rather than in the disconnect function as was done in esd_usb2. For more information, see the 928150fad41b ("can: esd_usb2: fix memory leak").

INFO

Published Date :

Feb. 26, 2025, 7:01 a.m.

Last Modified :

Oct. 23, 2025, 3:49 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2022-49661 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
Fix memory leak in the gs_usb driver by explicitly freeing DMA memory.
  • Free allocated RX URBs and their DMA memory.
  • Ensure RX URBs are removed in close function.
  • Apply the described fix to the gs_usb driver.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-49661.

URL Resource
https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20 Patch
https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a Patch
https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a Patch
https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963 Patch
https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0 Patch
https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8 Patch
https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b Patch
https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c Patch
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-49661 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-49661 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-49661 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-49661 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Oct. 23, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-401
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.54 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.16 up to (excluding) 4.9.323 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.288 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.252 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.205 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.130 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.18.11
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c Types: Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 26, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_open/close(): fix memory leak The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver. This commit is an adaptation of the techniques found in the esd_usb2 driver where a similar design pattern led to a memory leak. It explicitly frees the RX URBs and their DMA memory via a call to usb_free_coherent(). Since the RX URBs were allocated in the gs_can_open(), we remove them in gs_can_close() rather than in the disconnect function as was done in esd_usb2. For more information, see the 928150fad41b ("can: esd_usb2: fix memory leak").
    Added Reference https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20
    Added Reference https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a
    Added Reference https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a
    Added Reference https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963
    Added Reference https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0
    Added Reference https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8
    Added Reference https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b
    Added Reference https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact