CVE-2022-48856

gianfar: ethtool: Fix refcount leak in gfar_get_ts_info

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer with
refcount incremented, We should use of_node_put() on it when done
Add the missing of_node_put() to release the refcount.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gianfar: ethtool: corrige la fuga de refcount en gfar_get_ts_info La función of_find_compatible_node() devuelve un puntero de nodo con refcount incrementado. Deberíamos usar of_node_put() en ella cuando haya terminado. Agregue el of_node_put() que falta para liberar el recuento.

In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_node_put() to release the refcount.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-16 CVE Reserved
2024-07-16 CVE Published
2024-12-19 CVE Updated
2025-03-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/7349a74ea75ca27606ead81df3ed67f1b32a94ba	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6263f2eb93a85ad7df504daf0c341a7fb6bbe8a6	2022-03-16
https://git.kernel.org/stable/c/f7b3b520349193f8a82cca74daf366199e06add9	2022-03-16
https://git.kernel.org/stable/c/21044e679ed535345042d2023f7df0ca8e897e2a	2022-03-16
https://git.kernel.org/stable/c/f49f646f9ec296fc0afe7ae92c2bb47f23e3846c	2022-03-16
https://git.kernel.org/stable/c/0e1b9a2078e07fb1e6e91bf8badfd89ecab1e848	2022-03-16
https://git.kernel.org/stable/c/2ac5b58e645c66932438bb021cb5b52097ce70b0	2022-03-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 4.19.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 4.19.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.4.185 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.4.185"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.10.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.10.106"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.15.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.15.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.16.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.16.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.17"		en		Affected