In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of     bootmem memory again Since commit ebff7d8f270d (mem hotunplug: fix kfree() of bootmem memory), we could     get a resource allocated during boot via alloc_resource(). And it's required to release the resource using     free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix     this without fixing every call site, just leak a couple of bytes in such corner case. (CVE-2022-49190)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

CVE-2022-49190

medium

Tenable Plugins

medium