CVE-2022-48693

soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we need to add of_node_put() when for_each__matching_node() breaks
(2) we need to add iounmap() for each iomap in fail path

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: brcmstb: pm-arm: corrige los errores de fuga de refcount y __iomem En brcmstb_pm_probe(), hay dos tipos de errores de fuga: (1) necesitamos agregar of_node_put() cuando for_each__matching_node() se rompe (2) necesitamos agregar iounmap() para cada iomap en la ruta de error

In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we need to add of_node_put() when for_each__matching_node() breaks (2) we need to add iounmap() for each iomap in fail path

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-03 CVE Reserved
2024-05-03 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/0b741b8234c86065fb6954d32d427b3f7e14756f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883	2022-09-15
https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b	2022-09-15
https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558	2022-09-15
https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d	2022-09-15
https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82	2022-09-15
https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1	2022-08-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 4.19.258 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.258"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.4.213 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.4.213"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.10.143 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.10.143"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.15.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.15.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.19.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.19.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.0"		en		Affected