CVE-2022-49246

low-risk

Published 2025-02-26

In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in snd_proto_probe The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This function only calls of_node_put() in the regular path. And it will cause refcount leak in error paths. Fix this by calling of_node_put() in error handling too.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/0f517480d5888cd54487c5662ce4da95b30ad798

Patch https://git.kernel.org/stable/c/8fa969cd8485031294f91fc7184399000cae6355

Patch https://git.kernel.org/stable/c/b0bfaf0544d08d093d6211d7ef8816fb0b5b6c75

Patch https://git.kernel.org/stable/c/f32ac9bf5e3f594ef9bfedb410aebc98cf784e69

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal