CVE-2022-49680

ARM: exynos: Fix refcount leak in exynos_map_pmu

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

MITRE, TN

CWE (0)

CAPEC (-)

Risk

CVSS Score

5.5 Medium

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (8)

>= 3.17 < 4.9.321, >= 3.17 < 4.14.286, >= 3.17 < 4.19.250, >= 3.17 < 5.4.202, >= 3.17 < 5.10.127, >= 3.17 < 5.15.51, >= 3.17 < 5.18.8, >= 3.17 < 5.19

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (9)

General (1)

kernel

Exploits & POcs (-)

Patches (8)

kernel

Advisories (-)

Summary

In the Linux kernel, the following vulnerability has been resolved: ARM: exynos: Fix refcount leak in exynos_map_pmu of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
of_node_put() checks null pointer.

In the Linux kernel, the following vulnerability has been resolved: ARM: exynos: Fix refcount leak in exynos_map_pmu of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() checks null pointer.

*Credits: N/A

CVSS Scores

Tenablev3 5.5
Tenablev2 3.6

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/fce9e5bb25264153f9f002eada41757118d25ba9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/545ae5cbae839ce39bfe09828e413f1c916082de	2022-07-02
https://git.kernel.org/stable/c/31d09571bb071c20f6bdc0bb7ac1ef8dd2987c04	2022-07-02
https://git.kernel.org/stable/c/7571bcecf01b69f0d3ec60ca41ce5d4c75411a4a	2022-07-02
https://git.kernel.org/stable/c/f9b77a52937582a5b99a5a07e4ef1e2f48f87347	2022-06-29
https://git.kernel.org/stable/c/68f28d52e6cbab8dcfa249cac4356d1d0573e868	2022-06-29
https://git.kernel.org/stable/c/d23f76018e17618559da9eea179d137362023f95	2022-06-29
https://git.kernel.org/stable/c/fc354856e9fad9cd36e2ad28f9da70716025055a	2022-06-29
https://git.kernel.org/stable/c/c4c79525042a4a7df96b73477feaf232fe44ae81	2022-06-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 4.9.321 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 4.9.321"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 4.14.286 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 4.14.286"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 4.19.250 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 4.19.250"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.4.202 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.4.202"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.10.127 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.10.127"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.15.51 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.15.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.18.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.18.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.19"		en		Affected

CVE-2022-49680

ARM: exynos: Fix refcount leak in exynos_map_pmu

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (9)

Affected Vendors, Products, and Versions