CVE-2022-48656

MEDIUM

Linux Kernel 5.6-5.19.12 - Use-After-Free in DMA Engine of_xudma_dev_get

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it is not used anymore. Here we only need to move the of_node_put() before the check.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/aa11dae059a439af82bae541b134f8f53ac177b5

Patch

https://git.kernel.org/stable/c/dd5a6c5a08752b613e83ad2cb5133e72a64b876d

Patch

https://git.kernel.org/stable/c/a17df55bf6d536712da6902a83db82b82e67d5a2

Patch

https://git.kernel.org/stable/c/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e

Scores

CVSS v3 5.5

EPSS 0.0026

EPSS Percentile 17.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (14)

linux/Kernel 5.11.0 - 5.15.71linux

linux/Kernel 5.16.0 - 5.19.12linux

linux/Kernel 5.6.0 - 5.10.146linux

Linux/Linux < 5.6

Linux/Linux 5.10.146 - 5.10.*

Linux/Linux 5.15.71 - 5.15.*

Linux/Linux 5.19.12 - 5.19.*

Linux/Linux 5.6

Linux/Linux 6.0

Linux/Linux d702419134133db1eab2067dc6ea5723467fd917 - a17df55bf6d536712da6902a83db82b82e67d5a2

... and 4 more

Published Apr 28, 2024

Tracked Since Feb 18, 2026