CVE-2022-49780
Linux Target Core Components (SCSI) Memory Leak Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need goto error label in this case.
INFO
Published Date :
May 1, 2025, 3:16 p.m.
Last Modified :
May 2, 2025, 1:53 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-49780.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-49780 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-49780 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 01, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need goto error label in this case. Added Reference https://git.kernel.org/stable/c/28f7ff5e7559d226e63c7c5de74eb075a83d8c53 Added Reference https://git.kernel.org/stable/c/41a6b8b527a5957fab41c3c05e25ad125268e2e9 Added Reference https://git.kernel.org/stable/c/75205f1b47a88c3fac4f30bd7567e89b2887c7fd Added Reference https://git.kernel.org/stable/c/a636772988bafab89278e7bb3420d8e8eacfe912 Added Reference https://git.kernel.org/stable/c/bc68e428d4963af0201e92159629ab96948f0893 Added Reference https://git.kernel.org/stable/c/dce0589a3faec9e2e543e97bca7e62592ec85585
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-49780 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-49780
weaknesses.