CVE-2022-48693 - Vulnerability Details - OpenCVE

ReportizFlow

In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we need to add of_node_put() when for_each__matching_node() breaks (2) we need to add iounmap() for each iomap in fail path

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883
https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1
https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d
https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b
https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82
https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558
https://lore.kernel.org/linux-cve-announce/2024050347-CVE-2022-48693-3e82@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-48693
https://www.cve.org/CVERecord?id=CVE-2022-48693

History

Fri, 01 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024050347-CVE-2022-48693-3e82@gregkh/T/#u

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-03T15:05:46.868Z

Updated: 2024-12-19T08:05:41.726Z

Reserved: 2024-05-03T14:55:07.145Z

Link: CVE-2022-48693

Vulnrichment

Updated: 2024-08-03T15:17:55.717Z

NVD

Status : Modified

Published: 2024-05-03T15:15:07.990

Modified: 2024-11-21T07:33:47.997

Link: CVE-2022-48693

Redhat

Severity : Moderate

Publid Date: 2024-05-03T00:00:00Z

Links: CVE-2022-48693 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48693", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-03T14:55:07.145Z", "datePublished": "2024-05-03T15:05:46.868Z", "dateUpdated": "2024-12-19T08:05:41.726Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:05:41.726Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n\nIn brcmstb_pm_probe(), there are two kinds of leak bugs:\n\n(1) we need to add of_node_put() when for_each__matching_node() breaks\n(2) we need to add iounmap() for each iomap in fail path"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soc/bcm/brcmstb/pm/pm-arm.c"], "versions": [{"version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "0284b4e6dec6088a41607aa3f42bf51edff01883", "status": "affected", "versionType": "git"}, {"version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "57b2897ec3ffe4cbe018446be6d04432919dca6b", "status": "affected", "versionType": "git"}, {"version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "6dc0251638a4a1a998506dbd4627f8317e907558", "status": "affected", "versionType": "git"}, {"version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "43245c77d9efd8c9eb91bf225d07954dcf32204d", "status": "affected", "versionType": "git"}, {"version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "653500b400d5576940b7429690f7197199ddcc82", "status": "affected", "versionType": "git"}, {"version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "1085f5080647f0c9f357c270a537869191f7f2a1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soc/bcm/brcmstb/pm/pm-arm.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.258", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.213", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.143", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.68", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.9", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883"}, {"url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b"}, {"url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558"}, {"url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d"}, {"url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82"}, {"url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1"}], "title": "soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.717Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48693", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:43:32.791799Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:27.378Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.717Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48693", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:43:32.791799Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.763Z"}}], "cna": {"title": "soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "0284b4e6dec6088a41607aa3f42bf51edff01883", "versionType": "git"}, {"status": "affected", "version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "57b2897ec3ffe4cbe018446be6d04432919dca6b", "versionType": "git"}, {"status": "affected", "version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "6dc0251638a4a1a998506dbd4627f8317e907558", "versionType": "git"}, {"status": "affected", "version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "43245c77d9efd8c9eb91bf225d07954dcf32204d", "versionType": "git"}, {"status": "affected", "version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "653500b400d5576940b7429690f7197199ddcc82", "versionType": "git"}, {"status": "affected", "version": "0b741b8234c86065fb6954d32d427b3f7e14756f", "lessThan": "1085f5080647f0c9f357c270a537869191f7f2a1", "versionType": "git"}], "programFiles": ["drivers/soc/bcm/brcmstb/pm/pm-arm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.15"}, {"status": "unaffected", "version": "0", "lessThan": "4.15", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.258", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.213", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.143", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.68", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.19.9", "versionType": "semver", "lessThanOrEqual": "5.19.*"}, {"status": "unaffected", "version": "6.0", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/soc/bcm/brcmstb/pm/pm-arm.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883"}, {"url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b"}, {"url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558"}, {"url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d"}, {"url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82"}, {"url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n\nIn brcmstb_pm_probe(), there are two kinds of leak bugs:\n\n(1) we need to add of_node_put() when for_each__matching_node() breaks\n(2) we need to add iounmap() for each iomap in fail path"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:05:41.726Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48693", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:05:41.726Z", "dateReserved": "2024-05-03T14:55:07.145Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-03T15:05:46.868Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "253D30F5-3734-4663-883A-288786D3B66E", "versionEndExcluding": "4.19.258", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C373116-9E23-44BA-A6B7-87C8BF5C3B85", "versionEndExcluding": "5.4.213", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E77EECF5-C31E-4342-8014-AA844BB83A76", "versionEndExcluding": "5.10.143", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C440CED2-FE3C-495D-839C-857FFC6F523A", "versionEndExcluding": "5.15.68", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4895A99-6E1B-4C76-A510-FDED00AD7D29", "versionEndExcluding": "5.19.9", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n\nIn brcmstb_pm_probe(), there are two kinds of leak bugs:\n\n(1) we need to add of_node_put() when for_each__matching_node() breaks\n(2) we need to add iounmap() for each iomap in fail path"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: brcmstb: pm-arm: corrige los errores de fuga de refcount y __iomem En brcmstb_pm_probe(), hay dos tipos de errores de fuga: (1) necesitamos agregar of_node_put() cuando for_each__matching_node() se rompe (2) necesitamos agregar iounmap() para cada iomap en la ruta de error"}], "id": "CVE-2022-48693", "lastModified": "2024-11-21T07:33:47.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-05-03T15:15:07.990", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs", "id": "2278944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278944"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsoc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\nIn brcmstb_pm_probe(), there are two kinds of leak bugs:\n(1) we need to add of_node_put() when for_each__matching_node() breaks\n(2) we need to add iounmap() for each iomap in fail path", "A flaw was found in the s2-arm module in the Linux kernel. Under some conditions, a memory leak can occur in the brcmstb_pm_probe function in the drivers/soc/bcm/brcmstb/pm/pm-arm.c file, potentially impacting system performance and resulting in a denial of service."], "name": "CVE-2022-48693", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48693\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48693\nhttps://lore.kernel.org/linux-cve-announce/2024050347-CVE-2022-48693-3e82@gregkh/T/#u"], "statement": "The s2-arm module is not built in the kernel shipped in Red Hat Enterprise Linux 8 and 9, so it is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.258, kernel 5.4.213, kernel 5.10.143, kernel 5.15.68, kernel 5.19.9, kernel 6.0"}