CVE-2022-49678

soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe

Description

In the Linux kernel, the following vulnerability has been resolved: soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In brcmstb_init_sram, it pass dn to of_address_to_resource(), of_address_to_resource() will call of_find_device_by_node() to take reference, so we should release the reference returned by of_find_matching_node().

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4f5877bdf7b593e988f1924f4c3df6523f80b39c patch
https://git.kernel.org/stable/c/734a4d15142bb4c8ecad2d8ec70d7564e78ae34d patch
https://git.kernel.org/stable/c/30bbfeb480ae8b5ee43199d72417b232590440c2 patch
https://git.kernel.org/stable/c/10ba9d499a9fd82ed40897e734ba19870a879407 patch
https://git.kernel.org/stable/c/dcafd5463d8f20c4f90ddc138a5738adb99f74c8 patch
https://git.kernel.org/stable/c/37d838de369b07b596c19ff3662bf0293fdb09ee patch

Frequently Asked Questions

What is the severity of CVE-2022-49678?
CVE-2022-49678 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49678?
To fix CVE-2022-49678, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49678 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49678 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49678?
CVE-2022-49678 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.