CVE-2022-49716

Summary

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions

of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. When kcalloc fails, it missing of_node_put() and results in refcount leak. Fix this by goto out_put_node label.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux52085d3f2028d853f8d6ce7ead2f8a504f6077fa < 58e67c81e229351027d28c610638378606e33a08affected
LinuxLinux52085d3f2028d853f8d6ce7ead2f8a504f6077fa < 7c9dd9d23f26dabcfb14148b9acdfba540418b19affected
LinuxLinux52085d3f2028d853f8d6ce7ead2f8a504f6077fa < 0b325d993995a321f6ab4e6c51f0504ec092bf5baffected
LinuxLinux52085d3f2028d853f8d6ce7ead2f8a504f6077fa < c83c34c57798fc41faefcf078be78683db2f4bebaffected
LinuxLinux52085d3f2028d853f8d6ce7ead2f8a504f6077fa < ec8401a429ffee34ccf38cebf3443f8d5ae6cb0daffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.200 <= 5.4.*unaffected
LinuxLinux5.10.124 <= 5.10.*unaffected
LinuxLinux5.15.49 <= 5.15.*unaffected
LinuxLinux5.18.6 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References