
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49713 is a memory leak vulnerability discovered in the Linux kernel's USB DWC2 (DesignWare USB 2.0) host controller driver. The issue was identified in the dwc2_hcd_init function, where memory allocated by usb_create_hcd was not freed when platform_get_resource() fails, leading to a memory leak. The vulnerability affects Linux kernel versions from 4.14.250 to 4.14.285, 4.19.210 to 4.19.249, and 5.16 to 5.18.6 (NVD).
The vulnerability stems from incorrect error handling in the dwc2_hcd_init function within the DWC2 USB driver. When platform_get_resource() fails, the code incorrectly jumps to the error1 label instead of error2, bypassing the proper memory cleanup routine. As a result, the memory allocated by usb_create_hcd is never freed through usb_put_hcd. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
The vulnerability results in a memory leak in the Linux kernel's USB subsystem. When triggered, it causes system memory to not be properly freed, potentially leading to resource exhaustion over time. The issue has been classified as CWE-401: Missing Release of Memory after Effective Lifetime (NVD).
The vulnerability has been patched by modifying the error handling code to use the correct error2 label instead of error1, ensuring proper memory cleanup. The fix was implemented through a patch that changes the goto statement in the dwc2_hcd_init function (Kernel Patch).
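The label mix-up described above can be reproduced in a small user-space model. This is an added example, not the kernel driver's code: every model_* name, the live_hcds counter and the sample resource value are stand-ins invented for illustration, and only the error1/error2 label roles follow the description on this page.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model: every name is a stand-in, not the driver's code. */
static int live_hcds;                   /* allocated, not yet released */
struct model_hcd { int regs_start; };
static const int sample_res = 0x1000;   /* constructed resource value */
static struct model_hcd *model_create_hcd(void)   /* plays usb_create_hcd */
{
    struct model_hcd *hcd = calloc(1, sizeof(*hcd));
    if (hcd)
        live_hcds++;
    return hcd;
}

static void model_put_hcd(struct model_hcd *hcd)  /* plays usb_put_hcd */
{
    free(hcd);
    live_hcds--;
}

/* Plays platform_get_resource(): NULL means the lookup failed. */
static const int *model_get_resource(int fail) { return fail ? NULL : &sample_res; }

/* One init attempt; returns how many objects it left unreleased. */
int model_hcd_init(int patched, int resource_fails)
{
    int before = live_hcds;
    struct model_hcd *hcd = model_create_hcd();
    const int *res;
    if (!hcd)
        goto error1;            /* nothing allocated, nothing to release */
    res = model_get_resource(resource_fails);
    if (!res) {
        if (patched)
            goto error2;        /* fixed: unwind through the release */
        goto error1;            /* original: jumps past the release */
    }
    hcd->regs_start = *res;     /* success: the model tears down at once */
error2:
    model_put_hcd(hcd);
error1:
    return live_hcds - before;
}

int main(void)
{
    printf("leaked per failed init: unpatched=%d patched=%d\n",
           model_hcd_init(0, 1), model_hcd_init(1, 1));
    return 0;
}
```

Each failed attempt on the unpatched path leaves one object allocated, which is why the leak accumulates only when the resource lookup fails repeatedly.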
Source: This report was generated using AI