PT-2024-11828 · Linux+4 · Linux Kernel+4

Published

2022-12-06

·

Updated

2026-03-14

·

CVE-2022-48961

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to an unbalanced fwnode reference count in the Linux kernel's mdio device release() function. This can cause a memory leak, as indicated by a warning report about an of node refcount leak while probing an mdio device. The error occurs because the fwnode refcount is increased by fwnode handle get() before associating the of node with the mdio device, but it is never decreased in the normal path. As a result, in mdio device release(), fwnode handle put() needs to be called instead of directly calling kfree(). The vulnerability may allow an attacker to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2025-01699
CVE-2022-48961
OESA-2024-2368
OESA-2024-2369
OESA-2024-2371
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_4131-1
SUSE-SU-2024:3983-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4364-1

Affected Products

Astra Linux
Debian
Linux Kernel
Red Os
Suse