CVE-2022-48693

soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs

In brcmstb_pm_probe(), there are two kinds of leak bugs:

(1) we need to add of_node_put() when for_each__matching_node() breaks
(2) we need to add iounmap() for each iomap in fail path

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: brcmstb: pm-arm: corrige los errores de fuga de refcount y __iomem En brcmstb_pm_probe(), hay dos tipos de errores de fuga: (1) necesitamos agregar of_node_put() cuando for_each__matching_node() se rompe (2) necesitamos agregar iounmap() para cada iomap en la ruta de error

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-03 CVE Reserved
2024-05-03 CVE Published
2024-05-24 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/0b741b8234c86065fb6954d32d427b3f7e14756f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883	2022-09-15
https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b	2022-09-15
https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558	2022-09-15
https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d	2022-09-15
https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82	2022-09-15
https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1	2022-08-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 4.19.258 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.258"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.4.213 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.4.213"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.10.143 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.10.143"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.15.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.15.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.19.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.19.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.0"		en		Affected