CVE-2022-49636: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a memory leak vulnerability (CVE-2022-49636) was discovered in the VLAN (Virtual LAN) implementation. The issue occurs in the vlannewlink() function when memory allocation fails in vlanchangelink() after other allocations have already succeeded (Kernel Git).

The vulnerability stems from a bug reintroduction that was previously fixed. When memory allocation fails for the last element in a sequence of VLAN egress QoS map configurations, the previously allocated memory is not properly freed. This occurs because after a failed ->newlink() operation, methods like ndouninit() or dev->privdestructor() are not called (Kernel Git).

The vulnerability results in memory leaks in the kernel space. For example, when configuring VLAN egress QoS mappings, if the allocation for the last element fails, the memory allocated for previous successful allocations remains unreleased, leading to resource exhaustion over time (Kernel Git).

The issue has been fixed by modifying the vlannewlink() function to properly call vlandevfreeegresspriority() when an error occurs during vlanchangelink(). This ensures that all allocated memory is properly freed in case of failure (Kernel Git).