CVE-2022-48656 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-48656

CVE-2022-48656

April 28, 2024

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it is not used anymore. Here we only need to move the of_node_put() before the check.

Related Resources (7)

https://git.kernel.org/stable/c/a17df55bf6d536712da6902a83db82b82e67d5a2

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48656.json

https://git.kernel.org/stable/c/aa11dae059a439af82bae541b134f8f53ac177b5

https://git.kernel.org/stable/c/dd5a6c5a08752b613e83ad2cb5133e72a64b876d

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

https://nvd.nist.gov/vuln/detail/CVE-2022-48656

https://git.kernel.org/stable/c/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

EPSS

Base Score:

0.02

Products

Solutions

Resources

Company

Compare

Developer Tools