CVE-2022-48856

gianfar: ethtool: Fix refcount leak in gfar_get_ts_info

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

gianfar: ethtool: Fix refcount leak in gfar_get_ts_info

The of_find_compatible_node() function returns a node pointer with
refcount incremented, We should use of_node_put() on it when done
Add the missing of_node_put() to release the refcount.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gianfar: ethtool: corrige la fuga de refcount en gfar_get_ts_info La función of_find_compatible_node() devuelve un puntero de nodo con refcount incrementado. Deberíamos usar of_node_put() en ella cuando haya terminado. Agregue el of_node_put() que falta para liberar el recuento.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-16 CVE Reserved
2024-07-16 CVE Published
2024-07-24 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/7349a74ea75ca27606ead81df3ed67f1b32a94ba	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6263f2eb93a85ad7df504daf0c341a7fb6bbe8a6	2022-03-16
https://git.kernel.org/stable/c/f7b3b520349193f8a82cca74daf366199e06add9	2022-03-16
https://git.kernel.org/stable/c/21044e679ed535345042d2023f7df0ca8e897e2a	2022-03-16
https://git.kernel.org/stable/c/f49f646f9ec296fc0afe7ae92c2bb47f23e3846c	2022-03-16
https://git.kernel.org/stable/c/0e1b9a2078e07fb1e6e91bf8badfd89ecab1e848	2022-03-16
https://git.kernel.org/stable/c/2ac5b58e645c66932438bb021cb5b52097ce70b0	2022-03-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 4.19.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 4.19.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.4.185 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.4.185"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.10.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.10.106"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.15.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.15.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.16.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.16.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.17"		en		Affected