5.5

CVE-2022-49188

remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region

The device_node pointer is returned by of_parse_phandle() or
of_get_child_by_name() with refcount incremented.
We should use of_node_put() on it when done.

This function only call of_node_put(node) when of_address_to_resource
succeeds, missing error cases.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.8 < 5.10.110
LinuxLinux Kernel Version >= 5.11 < 5.15.33
LinuxLinux Kernel Version >= 5.16 < 5.16.19
LinuxLinux Kernel Version >= 5.17 < 5.17.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.165
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/07a5dcc4bed9d7cae54adf5aa10ff9f037a3204b
Patch
https://git.kernel.org/stable/c/a7d988735e757e111f9722de7cf1b40a84a48b1f
Patch
https://git.kernel.org/stable/c/b9df3007b3cda4936cc50f5a7d2d30505a652828
Patch
https://git.kernel.org/stable/c/bd4771ba2cf9e18473a42b5b70175e50d67a64bb
Patch
https://git.kernel.org/stable/c/f7210ca29a783c94478da02368731e4c9cf7cdb7
Patch