Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-49982

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. When pvr2_hdw_create returns back to pvr2_context_create, it calls pvr2_context_destroy to destroy context, but mp->hdw is NULL, which leads to that pvr2_hdw_destroy directly returns. Fix this by adding v4l2_device_unregister to decrease the refcount of usb interface.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 1 product from linux organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2025, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2025-06-18T11:15:25.720

Last Modified

2025-11-14T18:14:49.347

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.9.327	Yes
Operating System	linux	linux_kernel	< 4.14.292	Yes
Operating System	linux	linux_kernel	< 4.19.257	Yes
Operating System	linux	linux_kernel	< 5.4.212	Yes
Operating System	linux	linux_kernel	< 5.10.141	Yes
Operating System	linux	linux_kernel	< 5.15.65	Yes
Operating System	linux	linux_kernel	< 5.19.7	Yes

References

https://git.kernel.org/stable/c/2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/466b67c0543b2ae67814d053f6e29b39be6b33bb Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/491762b3250fb06a0c97b5198656ea48359eaeed Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/945a9a8e448b65bec055d37eba58f711b39f66f0 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/ba7dd8a9686a61a34b3a7b922ce721378d4740d0 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/bacb37bdc2a21c8f7fdc83dcc0dea2f4ca1341fb Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c02d2a91a85c4c4d05826cd1ea74a9b8d42e4280 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/f2f6e67522916f53ad8ccd4dbe68dcf76e9776e5 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For linux's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.