CVE-2022-49242

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mxs: Fix error handling in mxs_sgtl5000_probe

This function only calls of_node_put() in the regular path.
And it will cause refcount leak in error paths.
For example, when codec_np is NULL, saif_np[0] and saif_np[1]
are not NULL, it will cause leaks.

of_node_put() will check if the node pointer is NULL, so we can
call it directly to release the refcount of regular pointers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
3.5 ≤
𝑥
< 4.9.311
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.276
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.238
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.189
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.110
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.33
linuxlinux_kernel
5.16 ≤
𝑥
< 5.16.19
linuxlinux_kernel
5.17 ≤
𝑥
< 5.17.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/44acdaf7acb60054d872bed18ce0e7db8ce900ce
https://git.kernel.org/stable/c/67e12f1cb2f97468c12b59e21975eaa0f332e7d2
https://git.kernel.org/stable/c/6ae0a4d8fec551ec581d620f0eb1fe31f755551c
https://git.kernel.org/stable/c/790d2628e3fcc819d8f5572eb5615113fb2e727a
https://git.kernel.org/stable/c/86b6cf989437e694fd0a15782b5a513853a739e0
https://git.kernel.org/stable/c/8d880226c86f37624e2a5f3c6d92ac0ec3375f96
https://git.kernel.org/stable/c/d2923b48d99fe663cb93d8b481c93299fcd68656
https://git.kernel.org/stable/c/f16ad2c0e22687f80e5981c67374023f51c204b9
https://git.kernel.org/stable/c/f8d38056bcd220ea6f0802a5586d1a12ebcce849