What is CVE-2022-49653?

CVE-2022-49653 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a Memory Leak flaw (CWE-401). CVE-2022-49653 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-49653?

CVE-2022-49653 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2022-49653?

No patch is currently available for CVE-2022-49653. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2022-49653 actively exploited?

CVE-2022-49653 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Memory Leak (CWE-401)?

The product does not release memory after use, causing gradual resource exhaustion. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/401.html

CVE-2022-49653

Medium

In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix a memory leak in the EFCH MMIO support The recently added support for EFCH MMIO regions introduced a memory leak in that code path. The leak is caused by the fact that release_resource() merely removes the resource from the tree but does not free its memory. We need to call release_mem_region() instead, which does free the memory. As a nice side effect, this brings back some symmetry between the legacy and MMIO paths.

Package Linux Kernel

Published 2025-02-26

Last modified 2025-10-01

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-401

CVE-2022-49653 is a Memory Leak vulnerability

What is Memory Leak?

The product does not release memory after use, causing gradual resource exhaustion. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2022-49653 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/8ad59b397f86a4d8014966fdc0552095a0c4fb2b
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19
Patch
Kernel patch commit
https://git.kernel.org/stable/c/d2bf1a6480e8d44658a8ac3bdcec081238873212
Patch

Details

CVE ID CVE-2022-49653

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2025-02-26

Modified 2025-10-01

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2022-49653?

CVE-2022-49653 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as a Memory Leak flaw (CWE-401) . CVE-2022-49653 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2022-49653?

CVE-2022-49653 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2022-49653?

No patch is currently available for CVE-2022-49653. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2022-49653 actively exploited?

No — CVE-2022-49653 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Memory Leak (CWE-401)?

The product does not release memory after use, causing gradual resource exhaustion. View CWE-401 on MITRE CWE →