CVE-2022-49677

In the Linux kernel, the following vulnerability has been resolved: ARM: cns3xxx: Fix refcount leak in cns3xxx_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1ba904b6b16e08de5aed7c1349838d9cd0d178c5	Patch
https://git.kernel.org/stable/c/45bebbc8cea7d586a6216dc62814bdb380b9b29b	Patch
https://git.kernel.org/stable/c/68d4303bf59662b64bd555e2aa0518282d20aa4f	Patch
https://git.kernel.org/stable/c/b8b84e01ca94e2e1f5492353e9c24dab520b2e5b	Patch
https://git.kernel.org/stable/c/c980392af1473d6d5662f70d8089c8e6d85144a4	Patch
https://git.kernel.org/stable/c/d1359e4129ad43e43972a28838b87291c51de23d	Patch
https://git.kernel.org/stable/c/da3ee7cd2f15922ad88a7ca6deee2eafdc7cd214	Patch
https://git.kernel.org/stable/c/dc5170aae24e04068fd5ea125d06c0ab51f48a27	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::

History

11 Mar 2025, 22:12

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: cns3xxx: Se ha corregido la pérdida de recuento de referencias en cns3xxx_init. of_find_compatible_node() devuelve un puntero de nodo con el recuento de referencias incrementado. Deberíamos usar of_node_put() en él cuando haya terminado. Se ha añadido el error of_node_put() que falta para evitar la pérdida de recuento de referencias.
References	~~() https://git.kernel.org/stable/c/1ba904b6b16e08de5aed7c1349838d9cd0d178c5 -~~	() https://git.kernel.org/stable/c/1ba904b6b16e08de5aed7c1349838d9cd0d178c5 - Patch
References	~~() https://git.kernel.org/stable/c/45bebbc8cea7d586a6216dc62814bdb380b9b29b -~~	() https://git.kernel.org/stable/c/45bebbc8cea7d586a6216dc62814bdb380b9b29b - Patch
References	~~() https://git.kernel.org/stable/c/68d4303bf59662b64bd555e2aa0518282d20aa4f -~~	() https://git.kernel.org/stable/c/68d4303bf59662b64bd555e2aa0518282d20aa4f - Patch
References	~~() https://git.kernel.org/stable/c/b8b84e01ca94e2e1f5492353e9c24dab520b2e5b -~~	() https://git.kernel.org/stable/c/b8b84e01ca94e2e1f5492353e9c24dab520b2e5b - Patch
References	~~() https://git.kernel.org/stable/c/c980392af1473d6d5662f70d8089c8e6d85144a4 -~~	() https://git.kernel.org/stable/c/c980392af1473d6d5662f70d8089c8e6d85144a4 - Patch
References	~~() https://git.kernel.org/stable/c/d1359e4129ad43e43972a28838b87291c51de23d -~~	() https://git.kernel.org/stable/c/d1359e4129ad43e43972a28838b87291c51de23d - Patch
References	~~() https://git.kernel.org/stable/c/da3ee7cd2f15922ad88a7ca6deee2eafdc7cd214 -~~	() https://git.kernel.org/stable/c/da3ee7cd2f15922ad88a7ca6deee2eafdc7cd214 - Patch
References	~~() https://git.kernel.org/stable/c/dc5170aae24e04068fd5ea125d06c0ab51f48a27 -~~	() https://git.kernel.org/stable/c/dc5170aae24e04068fd5ea125d06c0ab51f48a27 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:5.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::
CWE		NVD-CWE-Other
First Time		Linux Linux linux Kernel

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-11 22:12

NVD link : CVE-2022-49677

Mitre link : CVE-2022-49677

CVE.ORG link : CVE-2022-49677

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

5.5 /10