Refcount Leak Vulnerability in Linux Kernel's LPC32XX USB Gadget Driver
CVE-2022-49712

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 February 2025

Summary

A refcount leak was identified in the LPC32XX USB gadget driver within the Linux kernel, which occurs during the probe process of the driver. The function of_parse_phandle() incorrectly retains a node pointer without releasing it appropriately, leading to a potential memory management issue. To mitigate this, the function now includes the necessary of_node_put() calls to ensure that node pointers are released when they are no longer needed. This fix prevents unnecessary memory retention, maintaining the stability and reliability of systems running the affected driver.

Affected Version(s)

Linux 24a28e4283510dcd58890379a42b8a7d3201d9d3

Linux 24a28e4283510dcd58890379a42b8a7d3201d9d3 < 0ef6917c0524da5b88496b9706628ffef108b9bb

Linux 24a28e4283510dcd58890379a42b8a7d3201d9d3 < 2a598da14856ead80c726b38ba426c68637d9211

References

https://git.kernel.org/stable/c/d85e4e6284a91aa2d1ab004e9...

https://git.kernel.org/stable/c/0ef6917c0524da5b88496b970...

https://git.kernel.org/stable/c/2a598da14856ead80c726b38b...

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Feb 26, 2025