CVE-2022-48860

ethernet: Fix error handling in xemaclite_of_probe

Description

In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. As the remove function do.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/669172ce976608b25a2f76f3c65d47f042d125c9 patch
https://git.kernel.org/stable/c/b7220f8e9d6c6b9594ddfb3125dad938cd478b1f patch
https://git.kernel.org/stable/c/8609e29611befc4bfbe7a91bb50fc65ae72ff549 patch
https://git.kernel.org/stable/c/8ee065a7a9b6a3976c16340503677efc4d8351f6 patch
https://git.kernel.org/stable/c/979b418b96e35f07136f77962ccfaa54cf3e30e1 patch
https://git.kernel.org/stable/c/5e7c402892e189a7bc152b125e72261154aa585d patch
https://git.kernel.org/stable/c/1852854ee349881efb78ccdbbb237838975902e4 patch
https://git.kernel.org/stable/c/b19ab4b38b06aae12442b2de95ccf58b5dc53584 patch

Frequently Asked Questions

What is the severity of CVE-2022-48860?
CVE-2022-48860 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48860?
To fix CVE-2022-48860, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48860 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48860 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48860?
CVE-2022-48860 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.