CVE-2022-49351

In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in altera_tse_mdio_create Every iteration of for_each_child_of_node() decrements the reference count of the previous node. When break from a for_each_child_of_node() loop, we need to explicitly call of_node_put() on the child node when not need anymore. Add missing of_node_put() to avoid refcount leak.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/11ec18b1d8d92b9df307d31950dcba0b3dd7283c	Patch
https://git.kernel.org/stable/c/1fd12298a0e0ca23478c715e672ee64c85670584	Patch
https://git.kernel.org/stable/c/4f850fe0a32c3f1e19b76996a3b1ca32637a14de	Patch
https://git.kernel.org/stable/c/5cd0e22fa11f4a21a8c09cc258f20b1474c95801	Patch
https://git.kernel.org/stable/c/803b217f1fb49a2dbb2123acdb45111b9c48b8be	Patch
https://git.kernel.org/stable/c/8174acbef87b8dd8bf3731eba2a5af1ac857e239	Patch
https://git.kernel.org/stable/c/96bf5ed057df2d157274d4e2079002f9a9404bb8	Patch
https://git.kernel.org/stable/c/a013fa884d8738ad8455aa1a843b8c9d80c6c833	Patch
https://git.kernel.org/stable/c/e31d9ba169860687dba19bdc8fccbfd34077f655	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::

History

14 Apr 2025, 19:46

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/11ec18b1d8d92b9df307d31950dcba0b3dd7283c -~~	() https://git.kernel.org/stable/c/11ec18b1d8d92b9df307d31950dcba0b3dd7283c - Patch
References	~~() https://git.kernel.org/stable/c/1fd12298a0e0ca23478c715e672ee64c85670584 -~~	() https://git.kernel.org/stable/c/1fd12298a0e0ca23478c715e672ee64c85670584 - Patch
References	~~() https://git.kernel.org/stable/c/4f850fe0a32c3f1e19b76996a3b1ca32637a14de -~~	() https://git.kernel.org/stable/c/4f850fe0a32c3f1e19b76996a3b1ca32637a14de - Patch
References	~~() https://git.kernel.org/stable/c/5cd0e22fa11f4a21a8c09cc258f20b1474c95801 -~~	() https://git.kernel.org/stable/c/5cd0e22fa11f4a21a8c09cc258f20b1474c95801 - Patch
References	~~() https://git.kernel.org/stable/c/803b217f1fb49a2dbb2123acdb45111b9c48b8be -~~	() https://git.kernel.org/stable/c/803b217f1fb49a2dbb2123acdb45111b9c48b8be - Patch
References	~~() https://git.kernel.org/stable/c/8174acbef87b8dd8bf3731eba2a5af1ac857e239 -~~	() https://git.kernel.org/stable/c/8174acbef87b8dd8bf3731eba2a5af1ac857e239 - Patch
References	~~() https://git.kernel.org/stable/c/96bf5ed057df2d157274d4e2079002f9a9404bb8 -~~	() https://git.kernel.org/stable/c/96bf5ed057df2d157274d4e2079002f9a9404bb8 - Patch
References	~~() https://git.kernel.org/stable/c/a013fa884d8738ad8455aa1a843b8c9d80c6c833 -~~	() https://git.kernel.org/stable/c/a013fa884d8738ad8455aa1a843b8c9d80c6c833 - Patch
References	~~() https://git.kernel.org/stable/c/e31d9ba169860687dba19bdc8fccbfd34077f655 -~~	() https://git.kernel.org/stable/c/e31d9ba169860687dba19bdc8fccbfd34077f655 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: altera: Se corrige la pérdida de recuento de referencias en altera_tse_mdio_create Cada iteración de for_each_child_of_node() disminuye el recuento de referencias del nodo anterior. Cuando se interrumpe un bucle for_each_child_of_node(), debemos llamar explícitamente a of_node_put() en el nodo secundario cuando ya no lo necesitamos. Agregue of_node_put() faltante para evitar la pérdida de recuento de referencias.
CWE		NVD-CWE-Other
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-04-14 19:46

NVD link : CVE-2022-49351

Mitre link : CVE-2022-49351

CVE.ORG link : CVE-2022-49351

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

5.5 /10