Unrated severityNVD Advisory· Published Feb 26, 2025· Updated Nov 3, 2025

kernel/resource: fix kfree() of bootmem memory again

CVE-2022-49190

Description

In the Linux kernel, the following vulnerability has been resolved:

Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.

Affected products

osv-coords8 versions
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_69&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 4.12.14-122.261.1+ 7 more
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 1-8.3.1
Linux/Linuxcpe-rescue
Range: 3.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000