CVE-2022-49283

In the Linux kernel, the following vulnerability has been resolved:

firmware: sysfb: fix platform-device leak in error path

Make sure to free the platform device also in the unlikely event that
registration fails.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
linuxlinux_kernel
5.15 ≤
𝑥
< 5.15.33
linuxlinux_kernel
5.16 ≤
𝑥
< 5.16.19
linuxlinux_kernel
5.17 ≤
𝑥
< 5.17.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/202c08914ba50dd324e42d5ad99535a89f242560
https://git.kernel.org/stable/c/b3e38f939ab4d0d86f56bff3362c3f88c4b2ad32
https://git.kernel.org/stable/c/bb7fcbe80a013dc883181dc818c407d38558f76c
https://git.kernel.org/stable/c/fed4df558b8cdb6f3beea38a7c977f118f082b0d