mtd: rawnand: gpmi: don't leak PM reference in error path
CVE-2022-48778

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 July 2024

What is CVE-2022-48778?

A vulnerability has been identified in the Linux kernel concerning memory management during error handling for the rawnand GPIMI subsystem. This issue arises when the function gpmi_nfc_apply_timings() encounters an error, which leads to a failure to properly decrement the PM runtime usage counter. Failure to address this flaw may lead to unintended resource retention, negatively impacting system performance and stability. System administrators are advised to apply the latest updates to mitigate any potential risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 29218853877a748a2ca41d9957a84b2d6a7f56a7 < 4cd3281a910a5adf73b2a0a82241dd67844d0b25

Linux 538a5e208e7d29e8b3cb1d79bbb757e8c763b680

Linux 0fe08bf9909f02eb487af2cc829f2853ea69bc96 < 4a7ec50298b1127c5024a750c969ea0794899545

References

https://git.kernel.org/stable/c/4cd3281a910a5adf73b2a0a82...

https://git.kernel.org/stable/c/a4eeeaca50199e3f19eb13ac3...

https://git.kernel.org/stable/c/4a7ec50298b1127c5024a750c...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024
Vulnerability Reserved
Jun 20, 2024

JSON

Linux

What is CVE-2022-48778?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.