CVE-2022-49874 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

HID: hyperv: fix possible memory leak in mousevsc_probe()

If hid_add_device() returns error, it should call hid_destroy_device() to free hid_dev which is allocated in hid_allocate_device().

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 06/28/2025

The vulnerability identified as CVE-2022-49874 represents a memory leak issue within the Linux kernel's HID (Human Interface Device) subsystem, specifically affecting the Hyper-V mouse virtual device driver. This flaw exists in the mousevsc_probe() function which handles the initialization of mouse devices in Hyper-V virtualized environments. The issue arises from improper error handling during the device allocation process, creating a potential memory management gap that could lead to resource exhaustion over time.

The technical root cause stems from a missing cleanup operation when the hid_add_device() function fails during device initialization. When this function returns an error condition, the system should execute hid_destroy_device() to properly release the memory allocated for the HID device structure through hid_allocate_device(). However, in the affected code path, this cleanup function is not invoked, leaving the allocated memory in an unreleased state. This represents a classic memory leak pattern where resources are acquired but never properly freed, violating fundamental memory management principles.

From an operational perspective, this vulnerability impacts systems running Linux kernels with Hyper-V integration, particularly those utilizing virtualized mouse devices. The memory leak occurs during device probe operations when the system attempts to initialize mouse virtual devices, potentially leading to gradual memory consumption that could affect system performance or stability. While individual leaks may be small, repeated occurrences in active virtualized environments could accumulate to significant memory waste, potentially causing system slowdowns or resource contention issues.

The vulnerability aligns with CWE-401, which specifically addresses improper release of memory after use, and represents a failure in proper resource management within the kernel's device driver framework. From an ATT&CK perspective, this issue could potentially be leveraged in resource exhaustion attacks, though the direct attack surface is limited to systems utilizing Hyper-V virtualization with HID device drivers. The flaw demonstrates the importance of robust error handling in kernel code where memory allocation and deallocation must be perfectly balanced to prevent resource leaks.

Mitigation strategies include applying the official kernel patch that ensures hid_destroy_device() is called whenever hid_add_device() returns an error condition. System administrators should prioritize updating to kernel versions containing the fix, particularly in production environments running Hyper-V virtualization. Additionally, monitoring memory usage patterns in virtualized environments can help detect potential memory leak accumulation. The fix implements proper error handling that maintains the principle of resource acquisition being paired with corresponding release operations, aligning with best practices for kernel memory management and preventing the accumulation of leaked memory resources.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00186

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!