CVE-2022-48723

2024-06-2011:15:55

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

spi vulnerability

reference count

fix

uniphier spi probe

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

spi: uniphier: fix reference count leak in uniphier_spi_probe()

The issue happens in several error paths in uniphier_spi_probe().
When either dma_get_slave_caps() or devm_spi_register_master() returns
an error code, the function forgets to decrease the refcount of both
dma_rx and dma_tx objects, which may lead to refcount leaks.

Fix it by decrementing the reference count of specific objects in
those error paths.

Affected configurations

Nvd

Node

linuxlinux_kernelRange5.6–5.10.99

linuxlinux_kernelRange5.11–5.15.22

linuxlinux_kernelRange5.16–5.16.8

linuxlinux_kernelMatch5.17rc1

linuxlinux_kernelMatch5.17rc2

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::