CVE-2022-49028

MEDIUM5.5

ixgbevf: Fix resource leak in ixgbevf_init_module()

Published Oct 21, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

ixgbevf: Fix resource leak in ixgbevf_init_module()

ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak.

Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak")

References

WEBhttps://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a WEBhttps://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181 WEBhttps://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2 WEBhttps://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2022-49028

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedOct 21, 2024

ModifiedMay 4, 2025