CVE-2022-49671: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49671 affects the Linux kernel's RDMA/cm (Remote Direct Memory Access/Connection Manager) component. The vulnerability was discovered in June 2022 and involves a memory leak in the ibcminsertlisten function. Specifically, when cminitlisten() fails, it doesn't properly free the resources allocated by cmallocidpriv(), leading to a memory leak (Kernel Git).

The vulnerability stems from a missing error handling path in the RDMA connection manager code. When the cmallocidpriv() function allocates resources for the cmidpriv structure and cminitlisten() subsequently fails, the code fails to call ibdestroycmid() to free the allocated resources. This results in a memory leak condition. The issue has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to memory leaks in the Linux kernel's RDMA subsystem. While there is no direct impact on confidentiality or integrity, the availability of the system could be affected if the memory leak is triggered repeatedly, potentially leading to resource exhaustion (NVD).

The vulnerability has been fixed by adding proper error handling code that calls ibdestroycmid() when cminit_listen() fails. The fix has been implemented in multiple kernel versions through various stable tree commits (Kernel Git).