Lucene search

GoogleOSV:CVE-2022-48859

HistoryJul 16, 2024 - 1:15 p.m.

CVE-2022-48859

2024-07-1613:15:12

Google

osv.dev

linux kernel

cve-2022-48859

net: marvell

prestera

of_node_put

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr

This node pointer is returned by of_find_compatible_node() with
refcount incremented. Calling of_node_put() to aovid the refcount leak.

References

git.kernel.org/stable/c/4cc66bf17220ff9631f9fa99b02a872e0ad5a08b

git.kernel.org/stable/c/b7c2fd1d126329340639adfb8dd2938fe4b65df7

git.kernel.org/stable/c/c9ffa3e2bc451816ce0295e40063514fabf2bd36

security-tracker.debian.org/tracker/CVE-2022-48859

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

JSON

Related for OSV:CVE-2022-48859