CVE-2022-49454

MEDIUM EPSS 14.9%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek: Fix refcount leak in mtk_pcie_subsys_powerup() The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_node_put() to release the refcount.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥5.15  –  <5.15.46
linuxlinux_kernel*≥5.16  –  <5.17.14
linuxlinux_kernel*≥5.18  –  <5.18.3

References 4

  • git.kernel.org https://git.kernel.org/stable/c/09b2d906d78ddf5042b1f3e0091835fc6997e8a4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/214e0d8fe4a813ae6ffd62bc2dfe7544c20914f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4cef4237d6c37257cb6ddc397723e9c0dded0efe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad1c9d13e04509ae24fae8dd2897148657323519
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/09b2d906d78ddf5042b1f3e0091835fc6997e8a4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/214e0d8fe4a813ae6ffd62bc2dfe7544c20914f4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4cef4237d6c37257cb6ddc397723e9c0dded0efe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad1c9d13e04509ae24fae8dd2897148657323519
    Patch