CVE-2022-48669

powerpc/pseries: Fix potential memleak in papr_get_attr()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries: Fix potential memleak in papr_get_attr()

`buf` is allocated in papr_get_attr(), and krealloc() of `buf`
could fail. We need to free the original `buf` in the case of failure.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/pseries: corrija una posible fuga de mem en papr_get_attr() `buf` está asignado en papr_get_attr(), y krealloc() de `buf` podría fallar. Necesitamos liberar el "buf" original en caso de falla.

A flaw was found in the Linux kernel. A potential memleak in papr_get_attr() may lead to compromised availability.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-05-01 CVE Published
2024-05-02 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/3c14b73454cf9f6e2146443fdfbdfb912c0efed3	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a3f22feb2220a945d1c3282e34199e8bcdc5afc4	2024-03-26
https://git.kernel.org/stable/c/1699fb915b9f61794d559b55114c09a390aaf234	2024-03-26
https://git.kernel.org/stable/c/7f7d39fe3d80d6143404940b2413010cf6527029	2024-03-26
https://git.kernel.org/stable/c/d0647c3e81eff62b66d46fd4e475318cb8cb3610	2024-03-26
https://git.kernel.org/stable/c/cda9c0d556283e2d4adaa9960b2dc19b16156bae	2024-03-03

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48669	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2278537	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.1.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.1.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.6.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.7.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.8.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.9"		en		Affected