CVE-2022-49857: 
Linux Debian vulnerability analysis and mitigation

CVE-2022-49857 is a memory leak vulnerability discovered in the Linux kernel's Marvell Prestera network driver. The vulnerability was disclosed on May 1, 2025, and affects various versions of the Linux kernel from version 5.10 up to version 6.1. The issue specifically occurs in the prestera_rxtx_switch_init() function where memory pointed to by sw->rxtx isn't properly released when prestera_sdma_switch_init() fails (NVD).

The vulnerability exists in the net/marvell/prestera driver component of the Linux kernel and is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). It has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on system availability (NVD).

The memory leak vulnerability could lead to resource exhaustion over time if the vulnerable code path is repeatedly triggered. This could potentially affect system stability and performance on systems using the affected Marvell Prestera network driver (Wiz).

The vulnerability has been fixed in the Linux kernel through patches. System administrators should update to a patched version of the kernel that includes the fix. The patch ensures proper memory cleanup when the initialization function fails (Wiz).