
Cloud Vulnerability DB
A community-led vulnerabilities database
A memory leak vulnerability was discovered in the Linux kernel through version 6.0.9, specifically in the drivers/media/usb/ttusb-dec/ttusb_dec.c file. The vulnerability (CVE-2022-45887) occurs due to the absence of a dvb_frontend_detach() call in the ttusb_dec_exit_dvb() function, which runs when the device is disconnected (Kernel Commit).
The vulnerability stems from a missing dvb_frontend_detach() call in the ttusb_dec_exit_dvb() function. When the device is disconnected, dvb_frontend_free() is not called, leading to a memory leak. The issue can be triggered by repeatedly plugging and unplugging the device. The vulnerability has been assigned a CVSS score of 4.7 (MEDIUM) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NetApp Advisory).
The vulnerability results in a memory leak that occurs each time the device is disconnected. This can lead to gradual system resource depletion over time as memory is not properly freed when the device is unplugged (Kernel Patch).
The issue has been fixed by adding dvb_frontend_detach() to the ttusb_dec_exit_dvb() function. The fix has been implemented in various Linux distributions including Debian Bullseye (5.10.234-1), Bookworm (6.1.129-1), and Sid/Trixie (6.12.17-1) (Debian Tracker).
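The leak pattern described above, as an added user-space example that is not the kernel's code or the upstream patch: it models a disconnect path with and without the detach step and counts the frontends left allocated after repeated plug/unplug cycles. All model_* names are hypothetical, and the orphan list exists only so the model can hold the leaked objects.

```c
/* User-space model of the leak; every model_* name is hypothetical, not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct model_frontend { struct model_frontend *next_orphan; char state[256]; };
struct model_dec { struct model_frontend *fe; };

static long live_frontends;             /* allocated and not yet released */
static struct model_frontend *orphans;  /* leaked objects, parked so the model can hold them */

/* Stands in for the attach step that runs when the device is plugged in. */
static int model_init_dvb(struct model_dec *dec)
{
    dec->fe = calloc(1, sizeof(*dec->fe));
    if (!dec->fe)
        return -1;
    live_frontends++;
    return 0;
}

/* Stands in for dvb_frontend_detach(): releases the frontend's memory. */
static void model_frontend_detach(struct model_frontend *fe)
{
    free(fe);
    live_frontends--;
}

/* Disconnect path. with_detach == 0 models the behaviour before the fix. */
static void model_exit_dvb(struct model_dec *dec, int with_detach)
{
    if (dec->fe && with_detach) {
        model_frontend_detach(dec->fe);
    } else if (dec->fe) {
        dec->fe->next_orphan = orphans; /* in the driver nothing references it any more */
        orphans = dec->fe;
    }
    dec->fe = NULL;
}

/* Plug and unplug the modelled device `cycles` times; return frontends still allocated. */
static long model_replug(int cycles, int with_detach)
{
    struct model_dec dec = { 0 };
    live_frontends = 0;
    for (int i = 0; i < cycles && model_init_dvb(&dec) == 0; i++)
        model_exit_dvb(&dec, with_detach);
    return live_frontends;
}

int main(void)
{
    printf("without detach: %ld leaked\n", model_replug(1000, 0));
    printf("with detach:    %ld leaked\n", model_replug(1000, 1));
    return 0;
}
```

The leaked count grows by one per cycle without the detach step, which is why the page describes the effect as gradual resource depletion.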
Source: This report was generated using AI