{"vulnerability": "CVE-2022-49926", "sightings": [{"uuid": "f7b0785b-a438-4bad-9cf6-5fe2c96f0d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49926", "type": "seen", "source": "https://t.me/cvedetector/24238", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49926 - Linux kernel - DSA Loop Memory Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-49926 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: dsa: Fix possible memory leaks in dsa_loop_init()  \n  \nkmemleak reported memory leaks in dsa_loop_init():  \n  \nkmemleak: 12 new suspected memory leaks  \n  \nunreferenced object 0xffff8880138ce000 (size 2048):  \n  comm \"modprobe\", pid 390, jiffies 4295040478 (age 238.976s)  \n  backtrace:  \n    [<000000006a94f1d5] kmalloc_trace+0x26/0x60  \n    [<00000000a9c44622] phy_device_create+0x5d/0x970  \n    [<00000000d0ee2afc] get_phy_device+0xf3/0x2b0  \n    [<00000000dca0c71f] __fixed_phy_register.part.0+0x92/0x4e0  \n    [<000000008a834798] fixed_phy_register+0x84/0xb0  \n    [<0000000055223fcb] dsa_loop_init+0xa9/0x116 [dsa_loop]  \n    ...  \n  \nThere are two reasons for memleak in dsa_loop_init().  \n  \nFirst, fixed_phy_register() create and register phy_device:  \n  \nfixed_phy_register()  \n  get_phy_device()  \n    phy_device_create() # freed by phy_device_free()  \n  phy_device_register() # freed by phy_device_remove()  \n  \nBut fixed_phy_unregister() only calls phy_device_remove().  \nSo the memory allocated in phy_device_create() is leaked.  \n  \nSecond, when mdio_driver_register() fail in dsa_loop_init(),  \nit just returns and there is no cleanup for phydevs.  \n  \nFix the problems by catching the error of mdio_driver_register()  \nin dsa_loop_init(), then calling both fixed_phy_unregister() and  \nphy_device_free() to release phydevs.  \nAlso add a function for phydevs cleanup to avoid duplacate. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:28.000000Z"}]}