cve-2022-48924
Vulnerability from cvelistv5
Published
2024-08-22 01:33
Modified
2024-12-19 08:10
Severity ?
EPSS score ?
Summary
thermal: int340x: fix memory leak in int3400_notify()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:18.769606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:00.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/int340x_thermal/int3400_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0ddc5184b0127038d05008e2a69f89d1e13f980",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "c3fa6d1937a8d0828131a04ae2cd2c30d0668693",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "2e798814e01827871938ff172d2b2ccf1e74b355",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "e098933866f9e1dd3ef4eebbe2e3d504f970f599",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "ba9efbbf6745750d34c1e87c9539ce9db645ca0a",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "33c73a4d7e7b19313a6b417152f5365016926418",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
},
{
"lessThan": "3abea10e6a8f0e7804ed4c124bea2d15aca977c8",
"status": "affected",
"version": "38e44da591303d08b0d965a033e11ade284999d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/int340x_thermal/int3400_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: fix memory leak in int3400_notify()\n\nIt is easy to hit the below memory leaks in my TigerLake platform:\n\nunreferenced object 0xffff927c8b91dbc0 (size 32):\n comm \"kworker/0:2\", pid 112, jiffies 4294893323 (age 83.604s)\n hex dump (first 32 bytes):\n 4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The\n 72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk.\n backtrace:\n [\u003cffffffff9c502c3e\u003e] __kmalloc_track_caller+0x2fe/0x4a0\n [\u003cffffffff9c7b7c15\u003e] kvasprintf+0x65/0xd0\n [\u003cffffffff9c7b7d6e\u003e] kasprintf+0x4e/0x70\n [\u003cffffffffc04cb662\u003e] int3400_notify+0x82/0x120 [int3400_thermal]\n [\u003cffffffff9c8b7358\u003e] acpi_ev_notify_dispatch+0x54/0x71\n [\u003cffffffff9c88f1a7\u003e] acpi_os_execute_deferred+0x17/0x30\n [\u003cffffffff9c2c2c0a\u003e] process_one_work+0x21a/0x3f0\n [\u003cffffffff9c2c2e2a\u003e] worker_thread+0x4a/0x3b0\n [\u003cffffffff9c2cb4dd\u003e] kthread+0xfd/0x130\n [\u003cffffffff9c201c1f\u003e] ret_from_fork+0x1f/0x30\n\nFix it by calling kfree() accordingly."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T08:10:37.148Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980"
},
{
"url": "https://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693"
},
{
"url": "https://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355"
},
{
"url": "https://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599"
},
{
"url": "https://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a"
},
{
"url": "https://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418"
},
{
"url": "https://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8"
}
],
"title": "thermal: int340x: fix memory leak in int3400_notify()",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48924",
"datePublished": "2024-08-22T01:33:05.770Z",
"dateReserved": "2024-08-21T06:06:23.296Z",
"dateUpdated": "2024-12-19T08:10:37.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48924\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-22T02:15:08.527\",\"lastModified\":\"2024-08-27T16:07:43.660\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nthermal: int340x: fix memory leak in int3400_notify()\\n\\nIt is easy to hit the below memory leaks in my TigerLake platform:\\n\\nunreferenced object 0xffff927c8b91dbc0 (size 32):\\n comm \\\"kworker/0:2\\\", pid 112, jiffies 4294893323 (age 83.604s)\\n hex dump (first 32 bytes):\\n 4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The\\n 72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk.\\n backtrace:\\n [\u003cffffffff9c502c3e\u003e] __kmalloc_track_caller+0x2fe/0x4a0\\n [\u003cffffffff9c7b7c15\u003e] kvasprintf+0x65/0xd0\\n [\u003cffffffff9c7b7d6e\u003e] kasprintf+0x4e/0x70\\n [\u003cffffffffc04cb662\u003e] int3400_notify+0x82/0x120 [int3400_thermal]\\n [\u003cffffffff9c8b7358\u003e] acpi_ev_notify_dispatch+0x54/0x71\\n [\u003cffffffff9c88f1a7\u003e] acpi_os_execute_deferred+0x17/0x30\\n [\u003cffffffff9c2c2c0a\u003e] process_one_work+0x21a/0x3f0\\n [\u003cffffffff9c2c2e2a\u003e] worker_thread+0x4a/0x3b0\\n [\u003cffffffff9c2cb4dd\u003e] kthread+0xfd/0x130\\n [\u003cffffffff9c201c1f\u003e] ret_from_fork+0x1f/0x30\\n\\nFix it by calling kfree() accordingly.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: t\u00e9rmica: int340x: corrige la p\u00e9rdida de memoria en int3400_notify() Es f\u00e1cil solucionar las siguientes p\u00e9rdidas de memoria en mi plataforma TigerLake: objeto sin referencia 0xffff927c8b91dbc0 (tama\u00f1o 32): comm \\\"kworker/0 :2\\\", pid 112, santiam\u00e9n 4294893323 (edad 83.604s) volcado hexadecimal (primeros 32 bytes): 4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The 72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk. seguimiento: [] __kmalloc_track_caller+0x2fe/0x4a0 [] kvasprintf+0x65/0xd0 [] kasprintf+0x4e/0x70 [] notificar+0x82/0x120 [int3400_thermal] [] acpi_ev_notify_dispatch+0x54/0x71 [] acpi_os_execute_deferred+0x17/0x30 [] Process_one_work+0x21a/0x3f0 [] trabajador_thread+0x4a/0x3b0 ffffffff9c2cb4dd\u0026gt;] kthread+0xfd/0x130 [] ret_from_fork+0x1f/0x30 Solucionarlo llamando a kfree() en consecuencia.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14\",\"versionEndExcluding\":\"4.14.274\",\"matchCriteriaId\":\"66FD29ED-3573-4532-BDEF-8D09E54DFC2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.237\",\"matchCriteriaId\":\"C479DB4A-41B9-4940-B214-841C74E2C1FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.188\",\"matchCriteriaId\":\"670BCB59-E3C8-496D-BD17-297C113776FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.103\",\"matchCriteriaId\":\"1A95B717-3110-4D4F-B8FC-373919BB514D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.26\",\"matchCriteriaId\":\"9AB342AE-A62E-4947-A6EA-511453062B2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.16.12\",\"matchCriteriaId\":\"C76BAB21-7F23-4AD8-A25F-CA7B262A2698\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.