CVE-2022-48896
"ixgbe: PCI Device Reference Count Leak"
Description
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(), pci_dev_put() is called to avoid leak.
INFO
Published Date :
Aug. 21, 2024, 7:15 a.m.
Last Modified :
Sept. 11, 2024, 4:06 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-48896
.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-48896
vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-48896
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Sep. 11, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Changed Reference Type https://git.kernel.org/stable/c/112df4cd2b09acd64bcd18f5ef83ba5d07b34bf0 No Types Assigned https://git.kernel.org/stable/c/112df4cd2b09acd64bcd18f5ef83ba5d07b34bf0 Patch Changed Reference Type https://git.kernel.org/stable/c/4c93422a54cd6a349988f42e1c6bf082cf4ea9d8 No Types Assigned https://git.kernel.org/stable/c/4c93422a54cd6a349988f42e1c6bf082cf4ea9d8 Patch Changed Reference Type https://git.kernel.org/stable/c/53cefa802f070d46c0c518f4865be2c749818a18 No Types Assigned https://git.kernel.org/stable/c/53cefa802f070d46c0c518f4865be2c749818a18 Patch Changed Reference Type https://git.kernel.org/stable/c/b93fb4405fcb5112c5739c5349afb52ec7f15c07 No Types Assigned https://git.kernel.org/stable/c/b93fb4405fcb5112c5739c5349afb52ec7f15c07 Patch Changed Reference Type https://git.kernel.org/stable/c/c49996c6aa03590e4ef5add8772cb6068d99fd59 No Types Assigned https://git.kernel.org/stable/c/c49996c6aa03590e4ef5add8772cb6068d99fd59 Patch Added CWE NIST CWE-401 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.0 up to (excluding) 5.4.229 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.164 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.89 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.7 *cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Aug. 21, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). In ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii(), pci_dev_put() is called to avoid leak. Added Reference kernel.org https://git.kernel.org/stable/c/53cefa802f070d46c0c518f4865be2c749818a18 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/112df4cd2b09acd64bcd18f5ef83ba5d07b34bf0 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/4c93422a54cd6a349988f42e1c6bf082cf4ea9d8 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/c49996c6aa03590e4ef5add8772cb6068d99fd59 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/b93fb4405fcb5112c5739c5349afb52ec7f15c07 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-48896
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-48896
weaknesses.