Linux Kernel up to 5.4.199/5.10.123/5.15.48/5.18.5 gic_populate_ppi_partitions of_get_child_by_name reference count

Summaryinfo

A vulnerability was found in Linux Kernel up to 5.4.199/5.10.123/5.15.48/5.18.5 and classified as critical. Affected by this vulnerability is the function of_get_child_by_name of the component gic_populate_ppi_partitions. Such manipulation leads to reference count. This vulnerability is listed as CVE-2022-49716. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.199/5.10.123/5.15.48/5.18.5. Affected by this issue is the function of_get_child_by_name of the component gic_populate_ppi_partitions. The manipulation with an unknown input leads to a reference count vulnerability. Using CWE to declare the problem leads to CWE-911. The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Impacted is availability. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. When kcalloc fails, it missing of_node_put() and results in refcount leak. Fix this by goto out_put_node label.

The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2022-49716 since 02/26/2025. There are known technical details, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 238226 (EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1635)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 5.4.200, 5.10.124, 5.15.49 or 5.18.6 eliminates this vulnerability. Applying the patch 58e67c81e229351027d28c610638378606e33a08/7c9dd9d23f26dabcfb14148b9acdfba540418b19/0b325d993995a321f6ab4e6c51f0504ec092bf5b/c83c34c57798fc41faefcf078be78683db2f4beb/ec8401a429ffee34ccf38cebf3443f8d5ae6cb0d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at Tenable (238226). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.4.199
• 5.10.123
• 5.15.0
• 5.15.1
• 5.15.2
• 5.15.3
• 5.15.4
• 5.15.5
• 5.15.6
• 5.15.7
• 5.15.8
• 5.15.9
• 5.15.10
• 5.15.11
• 5.15.12
• 5.15.13
• 5.15.14
• 5.15.15
• 5.15.16
• 5.15.17
• 5.15.18
• 5.15.19
• 5.15.20
• 5.15.21
• 5.15.22
• 5.15.23
• 5.15.24
• 5.15.25
• 5.15.26
• 5.15.27
• 5.15.28
• 5.15.29
• 5.15.30
• 5.15.31
• 5.15.32
• 5.15.33
• 5.15.34
• 5.15.35
• 5.15.36
• 5.15.37
• 5.15.38
• 5.15.39
• 5.15.40
• 5.15.41
• 5.15.42
• 5.15.43
• 5.15.44
• 5.15.45
• 5.15.46
• 5.15.47
• 5.15.48
• 5.18.0
• 5.18.1
• 5.18.2
• 5.18.3
• 5.18.4
• 5.18.5

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion