{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-49835", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.228Z", "datePublished": "2025-05-01T14:09:52.700Z", "dateUpdated": "2026-05-11T19:07:41.728Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:07:41.728Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix potential memleak in 'add_widget_node'\n\nAs 'kobject_add' may allocated memory for 'kobject->name' when return error.\nAnd in this function, if call 'kobject_add' failed didn't free kobject.\nSo call 'kobject_put' to recycling resources."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/hda/hdac_sysfs.c"], "versions": [{"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "b688a3ec235222d9a84e43a48a6f31acb95baf2d", "status": "affected", "versionType": "git"}, {"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "bb0ac8d5e541224f599bc8e8f31a313faa4bf7b7", "status": "affected", "versionType": "git"}, {"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "90b7d055e2b5f39429f9a9e3815b48a48530ef28", "status": "affected", "versionType": "git"}, {"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "02dea987ec1cac712c78e75d224ceb9bb73519ed", "status": "affected", "versionType": "git"}, {"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "3a79f9568de08657fcdbc41d6fc4c0ca145a7a2b", "status": "affected", "versionType": "git"}, {"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "7140d7aaf93da6a665b454f91bb4dc6b1de218bd", "status": "affected", "versionType": "git"}, {"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "455d99bd6baf19688048b6d42d9fa74eae27f93b", "status": "affected", "versionType": "git"}, {"version": "3256be6537751f65c76b3ecfbb4e667f87525a2f", "lessThan": "9a5523f72bd2b0d66eef3d58810c6eb7b5ffc143", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/hda/hdac_sysfs.c"], "versions": [{"version": "4.1", "status": "affected"}, {"version": "0", "lessThan": "4.1", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.334", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.300", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.267", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.225", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.155", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.79", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.9", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "4.9.334"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "4.14.300"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "4.19.267"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "5.4.225"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "5.10.155"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "5.15.79"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "6.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b688a3ec235222d9a84e43a48a6f31acb95baf2d"}, {"url": "https://git.kernel.org/stable/c/bb0ac8d5e541224f599bc8e8f31a313faa4bf7b7"}, {"url": "https://git.kernel.org/stable/c/90b7d055e2b5f39429f9a9e3815b48a48530ef28"}, {"url": "https://git.kernel.org/stable/c/02dea987ec1cac712c78e75d224ceb9bb73519ed"}, {"url": "https://git.kernel.org/stable/c/3a79f9568de08657fcdbc41d6fc4c0ca145a7a2b"}, {"url": "https://git.kernel.org/stable/c/7140d7aaf93da6a665b454f91bb4dc6b1de218bd"}, {"url": "https://git.kernel.org/stable/c/455d99bd6baf19688048b6d42d9fa74eae27f93b"}, {"url": "https://git.kernel.org/stable/c/9a5523f72bd2b0d66eef3d58810c6eb7b5ffc143"}], "title": "ALSA: hda: fix potential memleak in 'add_widget_node'", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "65416FEB-3A76-4DA9-A96A-1479EC77AFB6", "versionEndExcluding": "4.9.334", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "424802D2-E9E7-48A9-AD6F-DF2227B3D83A", "versionEndExcluding": "4.14.300", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5C69A12-68E2-400E-9A5A-375A673C8402", "versionEndExcluding": "4.19.267", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94D21814-3051-4860-AB06-C7880A3D4933", "versionEndExcluding": "5.4.225", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "172AC75C-0949-4468-9C58-64E2893EF0CE", "versionEndExcluding": "5.10.155", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "39DC45D8-E30E-4F4A-9332-393B7BCF6900", "versionEndExcluding": "5.15.79", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3F26709-7D49-4AF0-8145-46CCF4E8E2AD", "versionEndExcluding": "6.0.9", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix potential memleak in 'add_widget_node'\n\nAs 'kobject_add' may allocated memory for 'kobject->name' when return error.\nAnd in this function, if call 'kobject_add' failed didn't free kobject.\nSo call 'kobject_put' to recycling resources."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: se corrige una posible fuga de memoria en 'add_widget_node'. 'kobject_add' podr\u00eda asignar memoria a 'kobject->name' cuando devuelve un error. En esta funci\u00f3n, si la llamada a 'kobject_add' falla, no se libera kobject. Por lo tanto, se llama a 'kobject_put' para reciclar recursos."}], "id": "CVE-2022-49835", "lastModified": "2025-11-10T21:12:55.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-01T15:16:06.980", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/02dea987ec1cac712c78e75d224ceb9bb73519ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a79f9568de08657fcdbc41d6fc4c0ca145a7a2b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/455d99bd6baf19688048b6d42d9fa74eae27f93b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7140d7aaf93da6a665b454f91bb4dc6b1de218bd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/90b7d055e2b5f39429f9a9e3815b48a48530ef28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9a5523f72bd2b0d66eef3d58810c6eb7b5ffc143"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b688a3ec235222d9a84e43a48a6f31acb95baf2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bb0ac8d5e541224f599bc8e8f31a313faa4bf7b7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ALSA: hda: fix potential memleak in 'add_widget_node'", "id": "2363439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363439"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: hda: fix potential memleak in 'add_widget_node'\nAs 'kobject_add' may allocated memory for 'kobject->name' when return error.\nAnd in this function, if call 'kobject_add' failed didn't free kobject.\nSo call 'kobject_put' to recycling resources."], "name": "CVE-2022-49835", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49835\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49835\nhttps://lore.kernel.org/linux-cve-announce/2025050138-CVE-2022-49835-ea42@gregkh/T"], "statement": "The vulnerability in add_widget_node() arises from a missing kobject_put() call when kobject_add() fails. This can result in a memory leak, as dynamically allocated memory for the kobject\u2019s name may not be released. While the issue does not lead to privilege escalation or memory corruption, it could result in resource exhaustion over time if triggered repeatedly.", "threat_severity": "Low"}

{"created": "2025-06-24T09:51:41.782104+00:00", "updated": "2025-06-24T09:51:41.782165+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}