CVE-2022-49460

MEDIUM EPSS 15.9%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: rk3399_dmc: Disable edev on remove() Otherwise we hit an unablanced enable-count when unbinding the DFI device: [ 1279.659119] ------------[ cut here ]------------ [ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c ... [ 1279.659352] Hardware name: Google Kevin (DT) [ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--) [ 1279.659371] pc : devfreq_event_remove_edev+0x84/0x8c [ 1279.659380] lr : devm_devfreq_event_release+0x1c/0x28 ... [ 1279.659571] Call trace: [ 1279.659582] devfreq_event_remove_edev+0x84/0x8c [ 1279.659590] devm_devfreq_event_release+0x1c/0x28 [ 1279.659602] release_nodes+0x1cc/0x244 [ 1279.659611] devres_release_all+0x44/0x60 [ 1279.659621] device_release_driver_internal+0x11c/0x1ac [ 1279.659629] device_driver_detach+0x20/0x2c [ 1279.659641] unbind_store+0x7c/0xb0 [ 1279.659650] drv_attr_store+0x2c/0x40 [ 1279.659663] sysfs_kf_write+0x44/0x58 [ 1279.659672] kernfs_fop_write_iter+0xf4/0x190 [ 1279.659684] vfs_write+0x2b0/0x2e4 [ 1279.659693] ksys_write+0x80/0xec [ 1279.659701] __arm64_sys_write+0x24/0x30 [ 1279.659714] el0_svc_common+0xf0/0x1d8 [ 1279.659724] do_el0_svc_compat+0x28/0x3c [ 1279.659738] el0_svc_compat+0x10/0x1c [ 1279.659746] el0_sync_compat_handler+0xa8/0xcc [ 1279.659758] el0_sync_compat+0x188/0x1c0 [ 1279.659768] ---[ end trace cec200e5094155b4 ]---

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥4.9  –  <4.19.247
linuxlinux_kernel*≥4.20  –  <5.4.198
linuxlinux_kernel*≥5.5  –  <5.10.121
linuxlinux_kernel*≥5.11  –  <5.15.46
linuxlinux_kernel*≥5.16  –  <5.17.14
linuxlinux_kernel*≥5.18  –  <5.18.3

References 7

  • git.kernel.org https://git.kernel.org/stable/c/2fccf9e6050e0e3b8b4cd275d41daf7f7fa22804
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/664736e2cc09e504ce58ec61164d029d1f2651bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/86b091b6894c449d2734de7aa7d79ccb33ffd97d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0180e324a9a63de8f770da300477b48cb4a53f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9c2b23a7ac6ab19214cad8cac8af8608a4d9cef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb1be1d4be18fe286ba5a67d928598378fd7fbe5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fb089b6f21de03a685dd31df3789bbb01c59f8e3
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2fccf9e6050e0e3b8b4cd275d41daf7f7fa22804
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/664736e2cc09e504ce58ec61164d029d1f2651bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/86b091b6894c449d2734de7aa7d79ccb33ffd97d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0180e324a9a63de8f770da300477b48cb4a53f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9c2b23a7ac6ab19214cad8cac8af8608a4d9cef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb1be1d4be18fe286ba5a67d928598378fd7fbe5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fb089b6f21de03a685dd31df3789bbb01c59f8e3
    Patch