CVE-2022-49679

ARM: Fix refcount leak in axxia_boot_secondary

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

MITRE, TN

CWE (0)

CAPEC (-)

Risk

CVSS Score

7.1 High

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (8)

>= 3.16 < 4.9.321, >= 3.16 < 4.14.286, >= 3.16 < 4.19.250, >= 3.16 < 5.4.202, >= 3.16 < 5.10.127, >= 3.16 < 5.15.51, >= 3.16 < 5.18.8, >= 3.16 < 5.19

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (9)

General (1)

kernel

Exploits & POcs (-)

Patches (8)

kernel

Advisories (-)

Summary

In the Linux kernel, the following vulnerability has been resolved: ARM: Fix refcount leak in axxia_boot_secondary of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.

In the Linux kernel, the following vulnerability has been resolved: ARM: Fix refcount leak in axxia_boot_secondary of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.

*Credits: N/A

CVSS Scores

Tenablev3 7.1
Tenablev2 2.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/1d22924e1c4e299337e86e290c02c3e3eb43b608	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a9b76c232a1ce4cbf27862097f7eb634dcc779eb	2022-07-02
https://git.kernel.org/stable/c/b385cb59aac8d61c29bc72ebf3d19a536914af96	2022-07-02
https://git.kernel.org/stable/c/71e12e5b02674459a24f16e965255d63b31fe049	2022-07-02
https://git.kernel.org/stable/c/29ca9c4efacccdc15104a8d4bf10b5183fc92840	2022-06-29
https://git.kernel.org/stable/c/44a5b3a073e5aaa5720929dba95b2725eb32bb65	2022-06-29
https://git.kernel.org/stable/c/4d9c60e868f7cf8e09956e7d5bb44d807d712699	2022-06-29
https://git.kernel.org/stable/c/3c19fe3f04f4f4e7a2b722c2fd3c98356fc1d72b	2022-06-29
https://git.kernel.org/stable/c/7c7ff68daa93d8c4cdea482da4f2429c0398fcde	2022-06-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 4.9.321 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.9.321"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 4.14.286 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.14.286"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 4.19.250 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.19.250"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.4.202 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.4.202"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.10.127 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.10.127"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.15.51 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.15.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.18.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.18.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.19"		en		Affected

CVE-2022-49679

ARM: Fix refcount leak in axxia_boot_secondary

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (9)

Affected Vendors, Products, and Versions