CVE-2022-49712

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe

of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
of_node_put() will check NULL pointer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
linuxlinux_kernel
3.5 ≤
𝑥
< 4.9.320
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.285
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.249
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.200
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.124
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.49
linuxlinux_kernel
5.16 ≤
𝑥
< 5.18.6
linuxlinux_kernel
5.19:rc1
linuxlinux_kernel
5.19:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/0ef6917c0524da5b88496b9706628ffef108b9bb
https://git.kernel.org/stable/c/2a598da14856ead80c726b38ba426c68637d9211
https://git.kernel.org/stable/c/46da1e4a8b6329479433b2a4056941dfdd7f3efd
https://git.kernel.org/stable/c/4757c9ade34178b351580133771f510b5ffcf9c8
https://git.kernel.org/stable/c/57901c658f77d9ea2e772f35cb38e47efb54c558
https://git.kernel.org/stable/c/727c82d003e0ec64411fd1257a9a57de4ad7a99a
https://git.kernel.org/stable/c/b75bddfcc18170ce8e3fb695a76ec2dec4ce0ea5
https://git.kernel.org/stable/c/d85e4e6284a91aa2d1ab004e9d84b9c09b4aa203