CVE-2022-48669 : In the Linux kernel, the following vulnerability has been resolved: powerpc/pse

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure.

Published 2024-05-01 13:15:48

Updated 2025-04-08 18:42:41

Source Linux

View at NVD, CVE.org

Products affected by CVE-2022-48669

Linux » Linux Kernel
Versions from including (>=) 6.8 and before (<) 6.8.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.18 and before (<) 6.1.83
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.7.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.23
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-48669

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-48669

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-10-29
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	N/A	N/A	RedHat-CVE-2022-48669	2024-05-02
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-48669

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-48669

https://git.kernel.org/stable/c/7f7d39fe3d80d6143404940b2413010cf6527029

powerpc/pseries: Fix potential memleak in papr_get_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/d0647c3e81eff62b66d46fd4e475318cb8cb3610

powerpc/pseries: Fix potential memleak in papr_get_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/a3f22feb2220a945d1c3282e34199e8bcdc5afc4

powerpc/pseries: Fix potential memleak in papr_get_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/1699fb915b9f61794d559b55114c09a390aaf234

powerpc/pseries: Fix potential memleak in papr_get_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/cda9c0d556283e2d4adaa9960b2dc19b16156bae

powerpc/pseries: Fix potential memleak in papr_get_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2022-48669

Products affected by CVE-2022-48669

Exploit prediction scoring system (EPSS) score for CVE-2022-48669

CVSS scores for CVE-2022-48669

CWE ids for CVE-2022-48669

References for CVE-2022-48669