CVE-2022-49922: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49922 is a memory leak vulnerability discovered in the Linux kernel's NFC subsystem, specifically in the nfcmrvli2cnci_send() function. The vulnerability was disclosed on May 1, 2025, affecting various versions of the Linux kernel from 5.5 up to versions prior to 5.10.154, 5.15.78, and other specified versions (NVD).

The vulnerability occurs in the nfcmrvli2cncisend() function which is called by nfcmrvlncisend(). The issue arises because the socket buffer (skb) is only freed when i2cmastersend() returns a value greater than or equal to 0, leading to a memory leak when i2cmaster_send() fails. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Wiz).

The vulnerability results in a memory leak in the Linux kernel's NFC subsystem, which could potentially lead to system resource exhaustion over time. This affects the system's availability but does not compromise confidentiality or integrity (Wiz).

The vulnerability has been patched in the Linux kernel. The fix ensures proper memory management by freeing the skb regardless of the i2cmastersend() function's return value. Users should update their kernel to a version containing the fix (NVD).