Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 of_node_put reference count

Summaryinfo

A vulnerability marked as critical has been reported in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. Affected is the function of_node_put. Performing a manipulation results in reference count. This vulnerability was named CVE-2022-49239. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. It has been classified as critical. This affects the function of_node_put. The manipulation with an unknown input leads to a reference count vulnerability. CWE is classifying the issue as CWE-911. The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. This is going to have an impact on availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This is similar to commit 64b92de9603f ("ASoC: wcd9335: fix a leaked reference by adding missing of_node_put")

It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2022-49239 since 02/26/2025. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 5.10.110, 5.15.33, 5.16.19 or 5.17.2 eliminates this vulnerability. Applying the patch 1f24716e38220fc9e52e208d20591d2bc9b7f020/2f44eca78cc6d4e1779eb95765ec79e433accab4/f3793eeb7b94a5eeed6f5c7a44bce403c6681a12/f8e89d84ea83c51ba3ba97ff154f7aa679326760/9531a631379169d57756b2411178c6238655df88 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.10.109
• 5.15.0
• 5.15.1
• 5.15.2
• 5.15.3
• 5.15.4
• 5.15.5
• 5.15.6
• 5.15.7
• 5.15.8
• 5.15.9
• 5.15.10
• 5.15.11
• 5.15.12
• 5.15.13
• 5.15.14
• 5.15.15
• 5.15.16
• 5.15.17
• 5.15.18
• 5.15.19
• 5.15.20
• 5.15.21
• 5.15.22
• 5.15.23
• 5.15.24
• 5.15.25
• 5.15.26
• 5.15.27
• 5.15.28
• 5.15.29
• 5.15.30
• 5.15.31
• 5.15.32
• 5.16.0
• 5.16.1
• 5.16.2
• 5.16.3
• 5.16.4
• 5.16.5
• 5.16.6
• 5.16.7
• 5.16.8
• 5.16.9
• 5.16.10
• 5.16.11
• 5.16.12
• 5.16.13
• 5.16.14
• 5.16.15
• 5.16.16
• 5.16.17
• 5.16.18
• 5.17.0
• 5.17.1

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion