CVE-2022-48794 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ieee802154: at86rf230: Stop leaking skb's

Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure.

Free the skb structure upon error before returning when appropriate.

As the 'is_tx = 0' cannot be moved in the complete handler because of a possible race between the delay in switching to STATE_RX_AACK_ON and a new interrupt, we introduce an intermediate 'was_tx' boolean just for this purpose.

There is no Fixes tag applying here, many changes have been made on this area and the issue kind of always existed.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
CVSS score: N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

URL | Source(s) | Tag(s)
https://git.kernel.org/stable/c/0fd484644c68897c490a3307bfcc8bf767df5a43 | CVE, kernel.org | Patch
https://git.kernel.org/stable/c/1c72f04d52b7200bb83426a9bed378668271ea4a | CVE, kernel.org | Patch
https://git.kernel.org/stable/c/23b2a25382400168427ea278f3d8bf4ecfd333bf | CVE, kernel.org | Patch
https://git.kernel.org/stable/c/455ef08d6e5473526fa6763f75a93f7198206966 | CVE, kernel.org | Patch
https://git.kernel.org/stable/c/6312f6a53fd3ea38125dcaca5e3c9aa7d8a60cf7 | CVE, kernel.org | Patch
https://git.kernel.org/stable/c/af649e5c95f56df64363bc46f6746b87819f9c0d | CVE, kernel.org | Patch
https://git.kernel.org/stable/c/d2a1eaf51b7d4412319adb6acef114ba472d1692 | CVE, kernel.org | Patch
https://git.kernel.org/stable/c/e5ce576d45bf72fd0e3dc37eff897bfcc488f6a9 | CVE, kernel.org | Patch

Weakness Enumeration

CWE-ID | CWE Name | Source
CWE-401 | Missing Release of Memory after Effective Lifetime | NIST

Change History

3 change records found

Quick Info

CVE Dictionary Entry: CVE-2022-48794
NVD Published Date: 07/16/2024
NVD Last Modified: 09/24/2025
Source: kernel.org