CVE-2022-49188

remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region The device_node pointer is returned by of_parse_phandle() or
of_get_child_by_name() with refcount incremented.
We should use of_node_put() on it when done. This function only call of_node_put(node) when of_address_to_resource
succeeds, missing error cases.

A flaw was found in the qcom_q6v5_mss module in the Linux kernel. A memory leak can occur when allocated memory is not released in certain error cases, potentially impacting system performance and resulting in a denial of service.

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region The device_node pointer is returned by of_parse_phandle() or of_get_child_by_name() with refcount incremented. We should use of_node_put() on it when done. This function only call of_node_put(node) when of_address_to_resource succeeds, missing error cases.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2026-04-06 EPSS Updated
2026-05-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/051fb70fd4ea40fbc7139186a4890b2fe5cb1e76	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f7210ca29a783c94478da02368731e4c9cf7cdb7	2022-04-08
https://git.kernel.org/stable/c/bd4771ba2cf9e18473a42b5b70175e50d67a64bb	2022-04-08
https://git.kernel.org/stable/c/a7d988735e757e111f9722de7cf1b40a84a48b1f	2022-04-08
https://git.kernel.org/stable/c/b9df3007b3cda4936cc50f5a7d2d30505a652828	2022-04-08
https://git.kernel.org/stable/c/07a5dcc4bed9d7cae54adf5aa10ff9f037a3204b	2022-03-11

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49188	2022-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=2348028	2022-11-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.110 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.110"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.16.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.16.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.17.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.17.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.18"		en		Affected