CVE-2022-48656

dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it is not used anymore. Here we only need to move the of_node_put() before the check.

References

Link	Tags
https://git.kernel.org/stable/c/aa11dae059a439af82bae541b134f8f53ac177b5	patch
https://git.kernel.org/stable/c/dd5a6c5a08752b613e83ad2cb5133e72a64b876d	patch
https://git.kernel.org/stable/c/a17df55bf6d536712da6902a83db82b82e67d5a2	patch
https://git.kernel.org/stable/c/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e	patch

Frequently Asked Questions

What is the severity of CVE-2022-48656?: CVE-2022-48656 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48656?: To fix CVE-2022-48656, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48656 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-48656 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48656?: CVE-2022-48656 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions