{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-49661", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:21:30.435Z", "datePublished": "2025-02-26T02:23:58.352Z", "dateUpdated": "2026-05-11T19:04:14.924Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:04:14.924Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_open/close(): fix memory leak\n\nThe gs_usb driver appears to suffer from a malady common to many USB\nCAN adapter drivers in that it performs usb_alloc_coherent() to\nallocate a number of USB request blocks (URBs) for RX, and then later\nrelies on usb_kill_anchored_urbs() to free them, but this doesn't\nactually free them. As a result, this may be leaking DMA memory that's\nbeen used by the driver.\n\nThis commit is an adaptation of the techniques found in the esd_usb2\ndriver where a similar design pattern led to a memory leak. It\nexplicitly frees the RX URBs and their DMA memory via a call to\nusb_free_coherent(). Since the RX URBs were allocated in the\ngs_can_open(), we remove them in gs_can_close() rather than in the\ndisconnect function as was done in esd_usb2.\n\nFor more information, see the 928150fad41b (\"can: esd_usb2: fix memory\nleak\")."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/usb/gs_usb.c"], "versions": [{"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "339fa9f80d3b94177a7a459c6d115d3b56007d5a", "status": "affected", "versionType": "git"}, {"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0", "status": "affected", "versionType": "git"}, {"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "d91492638b054f4a359621ef216242be5973ed6b", "status": "affected", "versionType": "git"}, {"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "6f655b5e13fa4b27e915b6c209ac0da74fd75963", "status": "affected", "versionType": "git"}, {"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "d0b8e223998866b3e7b2895927d4e9689b0a80d8", "status": "affected", "versionType": "git"}, {"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "0e60230bc64355c80abe993d1719fdb318094e20", "status": "affected", "versionType": "git"}, {"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c", "status": "affected", "versionType": "git"}, {"version": "d08e973a77d128b25e01a08c34d89593fdf222da", "lessThan": "2bda24ef95c0311ab93bda00db40486acf30bd0a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/usb/gs_usb.c"], "versions": [{"version": "3.16", "status": "affected"}, {"version": "0", "lessThan": "3.16", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.323", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.288", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.252", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.205", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.130", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.54", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.11", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "4.9.323"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "4.14.288"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "4.19.252"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "5.4.205"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "5.10.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "5.15.54"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "5.18.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.16", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a"}, {"url": "https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0"}, {"url": "https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b"}, {"url": "https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963"}, {"url": "https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8"}, {"url": "https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20"}, {"url": "https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c"}, {"url": "https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a"}], "title": "can: gs_usb: gs_usb_open/close(): fix memory leak", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6905FC8D-2D88-4EB3-8313-368BA1D670A9", "versionEndExcluding": "4.9.323", "versionStartIncluding": "3.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "11E86C4E-715B-4E25-81E9-2FD98431E3FA", "versionEndExcluding": "4.14.288", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CC8E927-649A-40AD-AB62-F7EE444BEF0F", "versionEndExcluding": "4.19.252", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "844199C4-DEBE-4DA1-AB77-5A7984F9393B", "versionEndExcluding": "5.4.205", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BF24898-7C80-443F-93F3-F82029BBFF72", "versionEndExcluding": "5.10.130", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2197EF1-3D9C-4EBA-9F94-6C8668E719B6", "versionEndExcluding": "5.15.54", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "622F881E-3317-4653-9558-86008C2FBFD2", "versionEndExcluding": "5.18.11", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F3068028-F453-4A1C-B80F-3F5609ACEF60", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "2E9C0DB0-D349-489F-A3D6-B77214E93A8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "1A0DE3B7-0FFB-45AA-9BD6-19870CA7C6FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_open/close(): fix memory leak\n\nThe gs_usb driver appears to suffer from a malady common to many USB\nCAN adapter drivers in that it performs usb_alloc_coherent() to\nallocate a number of USB request blocks (URBs) for RX, and then later\nrelies on usb_kill_anchored_urbs() to free them, but this doesn't\nactually free them. As a result, this may be leaking DMA memory that's\nbeen used by the driver.\n\nThis commit is an adaptation of the techniques found in the esd_usb2\ndriver where a similar design pattern led to a memory leak. It\nexplicitly frees the RX URBs and their DMA memory via a call to\nusb_free_coherent(). Since the RX URBs were allocated in the\ngs_can_open(), we remove them in gs_can_close() rather than in the\ndisconnect function as was done in esd_usb2.\n\nFor more information, see the 928150fad41b (\"can: esd_usb2: fix memory\nleak\")."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: gs_usb: gs_usb_open/close(): corrige p\u00e9rdida de memoria El controlador gs_usb parece sufrir un problema com\u00fan a muchos controladores de adaptadores USB CAN, ya que realiza usb_alloc_coherent() para asignar una cantidad de bloques de solicitud USB (URB) para RX y luego se basa en usb_kill_anchored_urbs() para liberarlos, pero esto en realidad no los libera. Como resultado, esto puede estar perdiendo memoria DMA que ha sido utilizada por el controlador. Esta confirmaci\u00f3n es una adaptaci\u00f3n de las t\u00e9cnicas encontradas en el controlador esd_usb2 donde un patr\u00f3n de dise\u00f1o similar condujo a una p\u00e9rdida de memoria. Libera expl\u00edcitamente los URB RX y su memoria DMA a trav\u00e9s de una llamada a usb_free_coherent(). Dado que los URB RX se asignaron en gs_can_open(), los eliminamos en gs_can_close() en lugar de en la funci\u00f3n de desconexi\u00f3n como se hizo en esd_usb2. Para obtener m\u00e1s informaci\u00f3n, consulte 928150fad41b (\"can: esd_usb2: reparar p\u00e9rdida de memoria\")."}], "id": "CVE-2022-49661", "lastModified": "2025-10-23T15:49:50.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:41.137", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: can: gs_usb: gs_usb_open/close(): fix memory leak", "id": "2347927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347927"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncan: gs_usb: gs_usb_open/close(): fix memory leak\nThe gs_usb driver appears to suffer from a malady common to many USB\nCAN adapter drivers in that it performs usb_alloc_coherent() to\nallocate a number of USB request blocks (URBs) for RX, and then later\nrelies on usb_kill_anchored_urbs() to free them, but this doesn't\nactually free them. As a result, this may be leaking DMA memory that's\nbeen used by the driver.\nThis commit is an adaptation of the techniques found in the esd_usb2\ndriver where a similar design pattern led to a memory leak. It\nexplicitly frees the RX URBs and their DMA memory via a call to\nusb_free_coherent(). Since the RX URBs were allocated in the\ngs_can_open(), we remove them in gs_can_close() rather than in the\ndisconnect function as was done in esd_usb2.\nFor more information, see the 928150fad41b (\"can: esd_usb2: fix memory\nleak\")."], "name": "CVE-2022-49661", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49661\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49661\nhttps://lore.kernel.org/linux-cve-announce/2025022622-CVE-2022-49661-c53c@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-12T22:09:39.313192+00:00", "updated": "2025-07-12T22:09:39.313251+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}