Linux Kernel Vulnerability in GIC-v3 Error Handling
CVE-2022-49716
Summary
A vulnerability in the Linux kernel's GIC-v3 component was identified where improper error handling in the gic_populate_ppi_partitions function could lead to a refcount leak. Specifically, of_get_child_by_name() returns a node pointer with an incremented reference count, and the caller must release it with of_node_put() once the node is no longer needed. If kcalloc() fails, the existing code does not release the node, which leaks the reference and can lead to memory issues. The fix ensures that of_node_put() is called when the node is no longer needed, preventing the leak.
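The error-path pattern described above, as an added userspace model (not the kernel's code or the upstream patch). The names model_get_child, model_node_put, populate_leaky, populate_fixed and leaked_refs are hypothetical stand-ins, and calloc() with an injected failure stands in for kcalloc().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Userspace model of a device-tree node; only the reference count matters. */
struct node { const char *name; int refcount; };
static struct node parts = { "ppi-partitions", 1 };  /* constructed sample node */
/* Stand-in for of_get_child_by_name(): returns the child with refcount raised. */
static struct node *model_get_child(const char *name)
{
    if (strcmp(name, parts.name) != 0) return NULL;
    parts.refcount++;
    return &parts;
}

/* Stand-in for of_node_put(): drops one reference. */
static void model_node_put(struct node *n) { if (n) n->refcount--; }

/* Error path as described in the summary: allocation failure returns early. */
static int populate_leaky(int fail_alloc)
{
    struct node *n = model_get_child("ppi-partitions");
    void *tbl = fail_alloc ? NULL : calloc(4, sizeof(int)); /* models kcalloc() */
    if (!tbl) return -1;        /* reference taken above is never dropped */
    free(tbl);
    model_node_put(n);
    return 0;
}

/* Corrected shape: every exit after the lookup passes through the put. */
static int populate_fixed(int fail_alloc)
{
    struct node *n = model_get_child("ppi-partitions");
    void *tbl = fail_alloc ? NULL : calloc(4, sizeof(int));
    int ret = tbl ? 0 : -1;
    free(tbl);                  /* free(NULL) is a no-op */
    model_node_put(n);
    return ret;
}

/* Net references left behind by one call to fn. */
static int leaked_refs(int (*fn)(int), int fail_alloc)
{
    int before = parts.refcount;
    fn(fail_alloc);
    return parts.refcount - before;
}

int main(void)
{
    return printf("leaky=%d fixed=%d\n", leaked_refs(populate_leaky, 1), leaked_refs(populate_fixed, 1)) < 0;
}
```

Each failed allocation in the leaky variant leaves the node's count one higher than it started, which is why the defect only shows up on the error path.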
Affected Version(s)
Linux 52085d3f2028d853f8d6ce7ead2f8a504f6077fa < 58e67c81e229351027d28c610638378606e33a08
Linux 52085d3f2028d853f8d6ce7ead2f8a504f6077fa < 7c9dd9d23f26dabcfb14148b9acdfba540418b19
Linux 52085d3f2028d853f8d6ce7ead2f8a504f6077fa < 0b325d993995a321f6ab4e6c51f0504ec092bf5b