Fix refcount leak bug in of_xudma_dev_get()

CVE-2022-48656

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 April 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in the Linux kernel's DMA engine, specifically concerning Texas Instruments' K3 UDMA private implementation. This issue arises from a reference count leak due to insufficient handling of the reference returned by of_parse_phandle(). The affected code does not properly release the resource when it is no longer in use or during failure paths, leading to potential resource mismanagement. Proper mitigation involves moving the call to of_node_put() earlier in the code flow to ensure that resources are released appropriately, thereby preventing leaks that could hinder system stability.

Affected Version(s)

Linux d702419134133db1eab2067dc6ea5723467fd917

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-48656-POC
Created by Einstein2150

References

https://git.kernel.org/stable/c/aa11dae059a439af82bae541b...

https://git.kernel.org/stable/c/dd5a6c5a08752b613e83ad2cb...

https://git.kernel.org/stable/c/a17df55bf6d536712da6902a8...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Oct 22, 2024
👾
Exploit known to exist
Oct 22, 2024
Vulnerability published
Apr 28, 2024
Vulnerability Reserved
Feb 25, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)