CVE-2022-49212

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init

The reference counting issue happens in several error handling paths
on a refcounted object "nc->dmac". In these paths, the function simply
returns the error code, forgetting to balance the reference count of
"nc->dmac", increased earlier by dma_request_channel(), which may
cause refcount leaks.

Fix it by decrementing the refcount of specific object in those error
paths.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
4.12 ≤
𝑥
< 4.14.276
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.238
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.189
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.110
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.33
linuxlinux_kernel
5.16 ≤
𝑥
< 5.16.19
linuxlinux_kernel
5.17 ≤
𝑥
< 5.17.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/0856bf27057561f42b37df111603cf5a0d040294
https://git.kernel.org/stable/c/8baea2b96fa90af8d0f937caf4cf2105ee094d93
https://git.kernel.org/stable/c/9843c9c98f26c6ad843260b19bfdaa2598f2ae1e
https://git.kernel.org/stable/c/9b08d211db4c447eb1a07df65e45e0aa772e0fa6
https://git.kernel.org/stable/c/a3587259ae553e41d1ce8c7435351a5d6b299a11
https://git.kernel.org/stable/c/f1694169f3674cdf7553aed06864254635679878
https://git.kernel.org/stable/c/fe0e2ce5c87e9c0b9485ff566362030aa55972cf
https://git.kernel.org/stable/c/fecbd4a317c95d73c849648c406bcf1b6a0ec1cf