CVE-2022-49346

net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Every iteration of for_each_available_child_of_node() decrements
the reference count of the previous node.
when breaking early from a for_each_available_child_of_node() loop,
we need to explicitly call of_node_put() on the gphy_fw_np.
Add missing of_node_put() to avoid refcount leak.

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Every iteration of for_each_available_child_of_node() decrements the reference count of the previous node. when breaking early from a for_each_available_child_of_node() loop, we need to explicitly call of_node_put() on the gphy_fw_np. Add missing of_node_put() to avoid refcount leak.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/14fceff4771e51b23b4485b575cf9e5b3414b89b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7c8df6fad43d9d5d77f281f794b2a93cd02fd1a9	2022-06-14
https://git.kernel.org/stable/c/c2ae49a113a5344232f1ebb93bcf18bbd11e9c39	2022-06-14
https://git.kernel.org/stable/c/54d6802c4d83fa8de7696cfec06f475d5fd92d27	2022-06-14
https://git.kernel.org/stable/c/32cd78c5610f02a929f63cac985e73692d05f33e	2022-06-14
https://git.kernel.org/stable/c/2e007ac6fa7c9c94ad84da075c5c504afad690a0	2022-06-14
https://git.kernel.org/stable/c/0737e018a05e2aa352828c52bdeed3b02cff2930	2022-06-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.10.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.10.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.15.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.15.47"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.17.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.17.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.18.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.18.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.19"		en		Affected