CVE-2022-49680

In the Linux kernel, the following vulnerability has been resolved: ARM: exynos: Fix refcount leak in exynos_map_pmu of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() checks null pointer.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/31d09571bb071c20f6bdc0bb7ac1ef8dd2987c04	Patch
https://git.kernel.org/stable/c/545ae5cbae839ce39bfe09828e413f1c916082de	Patch
https://git.kernel.org/stable/c/68f28d52e6cbab8dcfa249cac4356d1d0573e868	Patch
https://git.kernel.org/stable/c/7571bcecf01b69f0d3ec60ca41ce5d4c75411a4a	Patch
https://git.kernel.org/stable/c/c4c79525042a4a7df96b73477feaf232fe44ae81	Patch
https://git.kernel.org/stable/c/d23f76018e17618559da9eea179d137362023f95	Patch
https://git.kernel.org/stable/c/f9b77a52937582a5b99a5a07e4ef1e2f48f87347	Patch
https://git.kernel.org/stable/c/fc354856e9fad9cd36e2ad28f9da70716025055a	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::

History

11 Mar 2025, 22:16

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/31d09571bb071c20f6bdc0bb7ac1ef8dd2987c04 -~~	() https://git.kernel.org/stable/c/31d09571bb071c20f6bdc0bb7ac1ef8dd2987c04 - Patch
References	~~() https://git.kernel.org/stable/c/545ae5cbae839ce39bfe09828e413f1c916082de -~~	() https://git.kernel.org/stable/c/545ae5cbae839ce39bfe09828e413f1c916082de - Patch
References	~~() https://git.kernel.org/stable/c/68f28d52e6cbab8dcfa249cac4356d1d0573e868 -~~	() https://git.kernel.org/stable/c/68f28d52e6cbab8dcfa249cac4356d1d0573e868 - Patch
References	~~() https://git.kernel.org/stable/c/7571bcecf01b69f0d3ec60ca41ce5d4c75411a4a -~~	() https://git.kernel.org/stable/c/7571bcecf01b69f0d3ec60ca41ce5d4c75411a4a - Patch
References	~~() https://git.kernel.org/stable/c/c4c79525042a4a7df96b73477feaf232fe44ae81 -~~	() https://git.kernel.org/stable/c/c4c79525042a4a7df96b73477feaf232fe44ae81 - Patch
References	~~() https://git.kernel.org/stable/c/d23f76018e17618559da9eea179d137362023f95 -~~	() https://git.kernel.org/stable/c/d23f76018e17618559da9eea179d137362023f95 - Patch
References	~~() https://git.kernel.org/stable/c/f9b77a52937582a5b99a5a07e4ef1e2f48f87347 -~~	() https://git.kernel.org/stable/c/f9b77a52937582a5b99a5a07e4ef1e2f48f87347 - Patch
References	~~() https://git.kernel.org/stable/c/fc354856e9fad9cd36e2ad28f9da70716025055a -~~	() https://git.kernel.org/stable/c/fc354856e9fad9cd36e2ad28f9da70716025055a - Patch
CWE		NVD-CWE-Other
CPE		cpe:2.3:o:linux:linux_kernel:5.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: exynos: Se corrige la fuga de refcount en exynos_map_pmu of_find_matching_node() devuelve un puntero de nodo con refcount incrementado, deberíamos usar of_node_put() en él cuando ya no lo necesitemos. Agregue of_node_put() faltante para evitar la fuga de refcount. of_node_put() verifica el puntero nulo.

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-11 22:16

NVD link : CVE-2022-49680

Mitre link : CVE-2022-49680

CVE.ORG link : CVE-2022-49680

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

5.5 /10