CVE-2022-49591

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: microchip: ksz_common: Fix refcount leak bug

In ksz_switch_register(), we should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux912aae27c6af6605eae967ab540c5e26bd76d421 < 88ec2ff42da3ac93b2437dc52fe25cd4372148e6affected
LinuxLinux912aae27c6af6605eae967ab540c5e26bd76d421 < 4165e02716518bbbe9c9104b39530d40928bc7ceaffected
LinuxLinux912aae27c6af6605eae967ab540c5e26bd76d421 < a14bd7475452c51835dd5a0cee4c8fa48dd0b539affected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux5.15.58 <= 5.15.*unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References