CVE-2022-49887 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef
https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba
https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f
https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80
https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
Vendors & Products		Linux Linux linux Kernel
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called.
Title		media: meson: vdec: fix possible refcount leak in vdec_probe()
References		https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80 https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49887", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.242Z", "datePublished": "2025-05-01T14:10:32.569Z", "dateUpdated": "2025-05-04T08:47:49.296Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:47:49.296Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: meson: vdec: fix possible refcount leak in vdec_probe()\n\nv4l2_device_unregister need to be called to put the refcount got by\nv4l2_device_register when vdec_probe fails or vdec_remove is called."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/media/meson/vdec/vdec.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "70119756311a0be3b95bec2e1ba714673e90feba", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "be6e22f54623d8a856a4f167b25be73c2ff1ff80", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f96ad391d054bd5c36994f98afd6a12cbb5600bf", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7718999356234d9cc6a11b4641bb773928f1390f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/media/meson/vdec/vdec.c"], "versions": [{"version": "5.4.224", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.154", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.78", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.8", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.224"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.154"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.0.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba"}, {"url": "https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80"}, {"url": "https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf"}, {"url": "https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef"}, {"url": "https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f"}], "title": "media: meson: vdec: fix possible refcount leak in vdec_probe()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2022-49887 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2025-05-01T14:05:17.242Z (string)

datePublished : 2025-05-01T14:10:32.569Z (string)

dateUpdated : 2025-05-04T08:47:49.296Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:47:49.296Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/staging/media/meson/vdec/vdec.c (string)

]

versions : [ »

0 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 70119756311a0be3b95bec2e1ba714673e90feba (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : be6e22f54623d8a856a4f167b25be73c2ff1ff80 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : f96ad391d054bd5c36994f98afd6a12cbb5600bf (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 7718999356234d9cc6a11b4641bb773928f1390f (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/staging/media/meson/vdec/vdec.c (string)

]

versions : [ »

0 : { »

version : 5.4.224 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

1 : { »

version : 5.10.154 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 5.15.78 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 6.0.8 (string)

lessThanOrEqual : 6.0.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 6.1 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.4.224 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.10.154 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.15.78 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 6.0.8 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 6.1 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba (string)

}

1 : { »

url : https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf (string)

}

3 : { »

url : https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef (string)

}

4 : { »

url : https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f (string)

}

]

title : media: meson: vdec: fix possible refcount leak in vdec_probe() (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A06F3FB-68BF-4D02-8B97-06AB86DC13A7", "versionEndExcluding": "5.4.224", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "475D097C-AB5A-4CF5-899F-413077854ABD", "versionEndExcluding": "5.10.154", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1", "versionEndExcluding": "5.15.78", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC9A754E-625D-42F3-87A7-960D643E2867", "versionEndExcluding": "6.0.8", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: meson: vdec: fix possible refcount leak in vdec_probe()\n\nv4l2_device_unregister need to be called to put the refcount got by\nv4l2_device_register when vdec_probe fails or vdec_remove is called."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: meson: vdec: corrige posible p\u00e9rdida de recuento de referencias en vdec_probe(). Se debe llamar a v4l2_device_unregister para colocar el recuento de referencias obtenido por v4l2_device_register cuando vdec_probe falla o se llama a vdec_remove."}], "id": "CVE-2022-49887", "lastModified": "2025-05-07T13:20:20.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-01T15:16:13.690", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1A06F3FB-68BF-4D02-8B97-06AB86DC13A7 (string)

versionEndExcluding : 5.4.224 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 475D097C-AB5A-4CF5-899F-413077854ABD (string)

versionEndExcluding : 5.10.154 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1 (string)

versionEndExcluding : 5.15.78 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EC9A754E-625D-42F3-87A7-960D643E2867 (string)

versionEndExcluding : 6.0.8 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* (string)

matchCriteriaId : E7E331DA-1FB0-4DEC-91AC-7DA69D461C11 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: meson: vdec: corrige posible pérdida de recuento de referencias en vdec_probe(). Se debe llamar a v4l2_device_unregister para colocar el recuento de referencias obtenido por v4l2_device_register cuando vdec_probe falla o se llama a vdec_remove. (string)

}

]

id : CVE-2022-49887 (string)

lastModified : 2025-05-07T13:20:20.687 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2025-05-01T15:16:13.690 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0457e7b12ece1a7e41fa0ae8b7e47c0a72a83bef (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/7718999356234d9cc6a11b4641bb773928f1390f (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/be6e22f54623d8a856a4f167b25be73c2ff1ff80 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/f96ad391d054bd5c36994f98afd6a12cbb5600bf (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object