CVE-2022-49712

usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

MITRE, TN

CWE (0)

CAPEC (-)

Risk

CVSS Score

5.5 Medium

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (8)

>= 3.5 < 4.9.320, >= 3.5 < 4.14.285, >= 3.5 < 4.19.249, >= 3.5 < 5.4.200, >= 3.5 < 5.10.124, >= 3.5 < 5.15.49, >= 3.5 < 5.18.6, >= 3.5 < 5.19

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (9)

General (1)

kernel

Exploits & POcs (-)

Patches (8)

kernel

Advisories (-)

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
of_node_put() will check NULL pointer.

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() will check NULL pointer.

*Credits: N/A

CVSS Scores

Tenablev3 5.5
Tenablev2 3.6

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/24a28e4283510dcd58890379a42b8a7d3201d9d3	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d85e4e6284a91aa2d1ab004e9d84b9c09b4aa203	2022-06-25
https://git.kernel.org/stable/c/0ef6917c0524da5b88496b9706628ffef108b9bb	2022-06-25
https://git.kernel.org/stable/c/2a598da14856ead80c726b38ba426c68637d9211	2022-06-25
https://git.kernel.org/stable/c/b75bddfcc18170ce8e3fb695a76ec2dec4ce0ea5	2022-06-22
https://git.kernel.org/stable/c/57901c658f77d9ea2e772f35cb38e47efb54c558	2022-06-22
https://git.kernel.org/stable/c/46da1e4a8b6329479433b2a4056941dfdd7f3efd	2022-06-22
https://git.kernel.org/stable/c/727c82d003e0ec64411fd1257a9a57de4ad7a99a	2022-06-22
https://git.kernel.org/stable/c/4757c9ade34178b351580133771f510b5ffcf9c8	2022-06-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 4.9.320 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 4.9.320"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 4.14.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 4.14.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 4.19.249 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 4.19.249"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.4.200 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.4.200"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.10.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.10.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.15.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.15.49"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.18.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.18.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 5.19"		en		Affected

CVE-2022-49712

usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (9)

Affected Vendors, Products, and Versions