fkie_nvd - fkie_cve-2022-49396

FKIE_CVE-2022-49396

Vulnerability from fkie_nvd - Published: 2025-02-26 07:01 - Updated: 2025-09-22 19:47

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral). Note that due to the reset controller being defined in devicetree in "lane" child nodes, devm_reset_control_get_exclusive() cannot be used directly.

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2156dc390402043ba5982489c6625adcb0b0975c	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4d2900f20edfe541f75756a00deeb2ffe7c66bc1	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7ac21b24af859c097eb4034e93430056068f8f31	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8c03eb0c8982677b4e17174073a011788891304d	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a39d9eccb333b8c07c43ebea1c6dfda122378a0f	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b7b5fbcaac5355e2e695dc0c08a0fcf248250388	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ba173a6f8d8dffed64bb13ab23081bdddfb464f0	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/feb05b10b3ed3ae21b851520a0d0b71685439517	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1826012-E991-4F57-B5A8-B3B6949796C0",
              "versionEndExcluding": "4.14.283",
              "versionStartIncluding": "4.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CFA0F4-2D75-41F4-9753-87944A08B53B",
              "versionEndExcluding": "4.19.247",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9",
              "versionEndExcluding": "5.4.198",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34ACD872-E5BC-401C-93D5-B357A62426E0",
              "versionEndExcluding": "5.10.121",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1",
              "versionEndExcluding": "5.15.46",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252",
              "versionEndExcluding": "5.17.14",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2",
              "versionEndExcluding": "5.18.3",
              "versionStartIncluding": "5.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp: fix reset-controller leak on probe errors\n\nMake sure to release the lane reset controller in case of a late probe\nerror (e.g. probe deferral).\n\nNote that due to the reset controller being defined in devicetree in\n\"lane\" child nodes, devm_reset_control_get_exclusive() cannot be used\ndirectly."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: qcom-qmp: se corrige la p\u00e9rdida del controlador de reinicio en los errores de sondeo Aseg\u00farese de liberar el controlador de reinicio de carril en caso de un error de sondeo tard\u00edo (por ejemplo, aplazamiento de sondeo). Tenga en cuenta que debido a que el controlador de reinicio se define en devicetree en los nodos secundarios \"lane\", devm_reset_control_get_exclusive() no se puede usar directamente."
    }
  ],
  "id": "CVE-2022-49396",
  "lastModified": "2025-09-22T19:47:55.287",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-26T07:01:16.173",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2156dc390402043ba5982489c6625adcb0b0975c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4d2900f20edfe541f75756a00deeb2ffe7c66bc1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7ac21b24af859c097eb4034e93430056068f8f31"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8c03eb0c8982677b4e17174073a011788891304d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a39d9eccb333b8c07c43ebea1c6dfda122378a0f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b7b5fbcaac5355e2e695dc0c08a0fcf248250388"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ba173a6f8d8dffed64bb13ab23081bdddfb464f0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/feb05b10b3ed3ae21b851520a0d0b71685439517"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-49396 (GCVE-0-2022-49396)

Vulnerability from cvelistv5 – Published: 2025-02-26 02:11 – Updated: 2025-05-04 08:36

Summary

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b7b5fbcaac5355e2e…
	https://git.kernel.org/stable/c/a39d9eccb333b8c07…
	https://git.kernel.org/stable/c/7ac21b24af859c097…
	https://git.kernel.org/stable/c/2156dc390402043ba…
	https://git.kernel.org/stable/c/ba173a6f8d8dffed6…
	https://git.kernel.org/stable/c/feb05b10b3ed3ae21…
	https://git.kernel.org/stable/c/8c03eb0c8982677b4…
	https://git.kernel.org/stable/c/4d2900f20edfe541f…

Impacted products

Vendor

Product

Version

Linux

Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < b7b5fbcaac5355e2e695dc0c08a0fcf248250388 (git)
Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < a39d9eccb333b8c07c43ebea1c6dfda122378a0f (git)
Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < 7ac21b24af859c097eb4034e93430056068f8f31 (git)
Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < 2156dc390402043ba5982489c6625adcb0b0975c (git)
Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < ba173a6f8d8dffed64bb13ab23081bdddfb464f0 (git)
Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < feb05b10b3ed3ae21b851520a0d0b71685439517 (git)
Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < 8c03eb0c8982677b4e17174073a011788891304d (git)
Affected: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b , < 4d2900f20edfe541f75756a00deeb2ffe7c66bc1 (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 4.14.283 , ≤ 4.14.* (semver)
Unaffected: 4.19.247 , ≤ 4.19.* (semver)
Unaffected: 5.4.198 , ≤ 5.4.* (semver)
Unaffected: 5.10.121 , ≤ 5.10.* (semver)
Unaffected: 5.15.46 , ≤ 5.15.* (semver)
Unaffected: 5.17.14 , ≤ 5.17.* (semver)
Unaffected: 5.18.3 , ≤ 5.18.* (semver)
Unaffected: 5.19 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/qualcomm/phy-qcom-qmp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b7b5fbcaac5355e2e695dc0c08a0fcf248250388",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            },
            {
              "lessThan": "a39d9eccb333b8c07c43ebea1c6dfda122378a0f",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            },
            {
              "lessThan": "7ac21b24af859c097eb4034e93430056068f8f31",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            },
            {
              "lessThan": "2156dc390402043ba5982489c6625adcb0b0975c",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            },
            {
              "lessThan": "ba173a6f8d8dffed64bb13ab23081bdddfb464f0",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            },
            {
              "lessThan": "feb05b10b3ed3ae21b851520a0d0b71685439517",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            },
            {
              "lessThan": "8c03eb0c8982677b4e17174073a011788891304d",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            },
            {
              "lessThan": "4d2900f20edfe541f75756a00deeb2ffe7c66bc1",
              "status": "affected",
              "version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/qualcomm/phy-qcom-qmp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.247",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.283",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.247",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.198",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.121",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.46",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.14",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.3",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp: fix reset-controller leak on probe errors\n\nMake sure to release the lane reset controller in case of a late probe\nerror (e.g. probe deferral).\n\nNote that due to the reset controller being defined in devicetree in\n\"lane\" child nodes, devm_reset_control_get_exclusive() cannot be used\ndirectly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:36:47.558Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b7b5fbcaac5355e2e695dc0c08a0fcf248250388"
        },
        {
          "url": "https://git.kernel.org/stable/c/a39d9eccb333b8c07c43ebea1c6dfda122378a0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ac21b24af859c097eb4034e93430056068f8f31"
        },
        {
          "url": "https://git.kernel.org/stable/c/2156dc390402043ba5982489c6625adcb0b0975c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba173a6f8d8dffed64bb13ab23081bdddfb464f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/feb05b10b3ed3ae21b851520a0d0b71685439517"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c03eb0c8982677b4e17174073a011788891304d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d2900f20edfe541f75756a00deeb2ffe7c66bc1"
        }
      ],
      "title": "phy: qcom-qmp: fix reset-controller leak on probe errors",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49396",
    "datePublished": "2025-02-26T02:11:26.145Z",
    "dateReserved": "2025-02-26T02:08:31.563Z",
    "dateUpdated": "2025-05-04T08:36:47.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2022-49396

CVE-2022-49396 (GCVE-0-2022-49396)

Tags

Sightings

Nomenclature