CVE-2022-48661

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated string array is left unfreed. Free it on error path.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/02743c4091ccfb246f5cdbbe3f44b152d5d12933	Patch
https://git.kernel.org/stable/c/41f857033c44442a27f591fda8d986e7c9e42872	Patch
https://git.kernel.org/stable/c/9b26723e058faaf11b532fb4aa16d6849d581790	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-04-28 13:15

Updated : 2024-04-30 15:05

NVD link : CVE-2022-48661

Mitre link : CVE-2022-48661

CVE.ORG link : CVE-2022-48661

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2022-48661", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-04-28T13:15:07.897", "references": [{"url": "https://git.kernel.org/stable/c/02743c4091ccfb246f5cdbbe3f44b152d5d12933", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/41f857033c44442a27f591fda8d986e7c9e42872", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9b26723e058faaf11b532fb4aa16d6849d581790", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mockup: Fix potential resource leakage when register a chip\n\nIf creation of software node fails, the locally allocated string\narray is left unfreed. Free it on error path."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gpio: maqueta: corrige una posible fuga de recursos al registrar un chip. Si falla la creaci\u00f3n del nodo de software, la matriz de cadenas asignada localmente queda sin liberar. Lib\u00e9relo en la ruta de error."}], "lastModified": "2024-04-30T15:05:37.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA574867-6574-44D7-B365-96D57A9704AF", "versionEndExcluding": "5.15.71", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03B0F56B-C5CC-4E81-BB51-D07D569DE4CA", "versionEndExcluding": "5.19.12", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}