Linux Kernel up to 5.18.3 rockchip_grf_init of_node_put reference count

Summaryinfo

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.18.3. Affected by this vulnerability is the function of_node_put of the component rockchip_grf_init. The manipulation leads to reference count. This vulnerability is documented as CVE-2022-49382. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.18.3. This issue affects the function of_node_put of the component rockchip_grf_init. The manipulation with an unknown input leads to a reference count vulnerability. Using CWE to declare the problem leads to CWE-911. The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Impacted is availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.

It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2022-49382 since 02/26/2025. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 240793 (SUSE SLES12 Security Update : kernel (SUSE-SU-2025:01983-1)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 4.14.283, 4.19.247, 5.4.198, 5.10.122, 5.15.47, 5.17.15 or 5.18.4 eliminates this vulnerability. Applying the patch d5422f323858cad3ac3581075f9a3a5e0d41c0d8/28133325526b92921f3269fdf97a20d90b92b217/69a30b2ed620c2206cbbd1e9c112e4fc584e02bd/5b3e990f85eb034faa461e691e719e8ce9e2a3c8/aab25b669cb9fd3698c2631be4435f4fe92d9e59/042571fe1d171773655ad706715ecc865913d9a4/8f64e84924604bb969ee1fbc4b8d7d09b9214889/9b59588d8be91c96bfb0371e912ceb4f16315dbf is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at Tenable (240793). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 4.14.282
• 4.19.246
• 5.4.197
• 5.10.121
• 5.15.0
• 5.15.1
• 5.15.2
• 5.15.3
• 5.15.4
• 5.15.5
• 5.15.6
• 5.15.7
• 5.15.8
• 5.15.9
• 5.15.10
• 5.15.11
• 5.15.12
• 5.15.13
• 5.15.14
• 5.15.15
• 5.15.16
• 5.15.17
• 5.15.18
• 5.15.19
• 5.15.20
• 5.15.21
• 5.15.22
• 5.15.23
• 5.15.24
• 5.15.25
• 5.15.26
• 5.15.27
• 5.15.28
• 5.15.29
• 5.15.30
• 5.15.31
• 5.15.32
• 5.15.33
• 5.15.34
• 5.15.35
• 5.15.36
• 5.15.37
• 5.15.38
• 5.15.39
• 5.15.40
• 5.15.41
• 5.15.42
• 5.15.43
• 5.15.44
• 5.15.45
• 5.15.46
• 5.17.0
• 5.17.1
• 5.17.2
• 5.17.3
• 5.17.4
• 5.17.5
• 5.17.6
• 5.17.7
• 5.17.8
• 5.17.9
• 5.17.10
• 5.17.11
• 5.17.12
• 5.17.13
• 5.17.14
• 5.18.0
• 5.18.1
• 5.18.2
• 5.18.3

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion