CVE intelligence and bounded remediation

CVE-2022-49513 — Linux Linux Kernel security vulnerability

Medium CVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data The struct dbs_data embeds a struct gov_attr_set and the struct gov_attr_set embeds a kobject. Since every kobject must have a release() method and we can't use kfree() to free it directly, so introduce cpufreq_dbs_data_release() to release the dbs_data via the kobject::release() method. This fixes the calltrace like below: ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x34 WARNING: CPU: 12 PID: 810 at lib/debugobjects.c:505 debug_print_object+0xb8/0x100 Modules linked in: CPU: 12 PID: 810 Comm: sh Not tainted 5.16.0-next-20220120-yocto-standard+ #536 Hardware name: Marvell OcteonTX CN96XX board (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : debug_print_object+0xb8/0x100 lr : debug_print_object+0xb8/0x100 sp : ffff80001dfcf9a0 x29: ffff80001dfcf9a0 x28: 0000000000000001 x27: ffff0001464f0000 x26: 0000000000000000 x25: ffff8000090e3f00 x24: ffff80000af60210 x23: ffff8000094dfb78 x22: ffff8000090e3f00 x21: ffff0001080b7118 x20: ffff80000aeb2430 x19: ffff800009e8f5e0 x18: 00000000…

Severity
Medium
CVSS
5.5 (3.1)
Published
2025-02-26
CISA KEV
Not currently listed
Ecosystem
linux/kernel

Affected products

  • linux / linux_kernel

Showing 1 representative product identities from 2 source matches. Confirm exact affected versions with the linked vendor and NVD evidence.

Matched remediation archetype

General vulnerability remediation

This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.

Check exposure

  • Confirm the affected component, deployment paths, reachable interfaces, and enabled features from inventories and configuration, without probing production destructively.
  • Compare the advisory's affected conditions with the repository lockfiles, build manifests, artifacts, and runtime inventory.
  • Identify data sensitivity, trust boundaries, and privilege level for every confirmed affected deployment.

Remediate safely

  • Apply a vendor-supported fix or remove the affected component or feature; record the selected change and its source in the repository.
  • Update direct and transitive dependency locks, generated artifacts, deployment manifests, and asset inventories together.
  • Add a regression test for the documented unsafe condition using inert inputs and preserve rollback instructions.

Authoritative sources

Complete CVE record and remediation plan

The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.