{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49128", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.266Z", "datePublished": "2025-02-26T01:55:05.126Z", "dateUpdated": "2025-02-26T14:25:42.350Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T14:25:42.350Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: Add missing pm_runtime_put_sync\n\npm_runtime_get_sync() will increase the rumtime PM counter\neven when it returns an error. Thus a pairing decrement is needed\nto prevent refcount leak. Fix this by replacing this API with\npm_runtime_resume_and_get(), which will not change the runtime\nPM counter on error. Besides, a matching decrement is needed\non the error handling path to keep the counter balanced."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/bridge/nwl-dsi.c"], "versions": [{"version": "44cfc6233447cb2cf47aeb99457de35826a363f6", "lessThan": "ff13c90d7f7ab606b37be6d15140d19013d6736c", "status": "affected", "versionType": "git"}, {"version": "44cfc6233447cb2cf47aeb99457de35826a363f6", "lessThan": "792533e54cd6e89191798ccd1abd590c62b9077e", "status": "affected", "versionType": "git"}, {"version": "44cfc6233447cb2cf47aeb99457de35826a363f6", "lessThan": "9df80dc738926a2ea4bd1ce5993c3d0f4b0e855c", "status": "affected", "versionType": "git"}, {"version": "44cfc6233447cb2cf47aeb99457de35826a363f6", "lessThan": "46f47807738441e354873546dde0b000106c068a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/bridge/nwl-dsi.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.34", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.20", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.3", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ff13c90d7f7ab606b37be6d15140d19013d6736c"}, {"url": "https://git.kernel.org/stable/c/792533e54cd6e89191798ccd1abd590c62b9077e"}, {"url": "https://git.kernel.org/stable/c/9df80dc738926a2ea4bd1ce5993c3d0f4b0e855c"}, {"url": "https://git.kernel.org/stable/c/46f47807738441e354873546dde0b000106c068a"}], "title": "drm/bridge: Add missing pm_runtime_put_sync", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE872F08-121D-4AE8-82B9-2B5DA905C944", "versionEndExcluding": "5.15.34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00", "versionEndExcluding": "5.16.20", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762", "versionEndExcluding": "5.17.3", "versionStartIncluding": "5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: Add missing pm_runtime_put_sync\n\npm_runtime_get_sync() will increase the rumtime PM counter\neven when it returns an error. Thus a pairing decrement is needed\nto prevent refcount leak. Fix this by replacing this API with\npm_runtime_resume_and_get(), which will not change the runtime\nPM counter on error. Besides, a matching decrement is needed\non the error handling path to keep the counter balanced."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/bridge: Agregar la funci\u00f3n pm_runtime_put_sync que falta pm_runtime_get_sync() aumentar\u00e1 el contador de PM en tiempo de ejecuci\u00f3n incluso cuando devuelva un error. Por lo tanto, se necesita una disminuci\u00f3n de emparejamiento para evitar la fuga de refcount. Solucione esto reemplazando esta API con pm_runtime_resume_and_get(), que no cambiar\u00e1 el contador de PM en tiempo de ejecuci\u00f3n en caso de error. Adem\u00e1s, se necesita una disminuci\u00f3n coincidente en la ruta de manejo de errores para mantener el contador equilibrado."}], "id": "CVE-2022-49128", "lastModified": "2025-03-13T21:31:58.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:00:50.113", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/46f47807738441e354873546dde0b000106c068a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/792533e54cd6e89191798ccd1abd590c62b9077e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9df80dc738926a2ea4bd1ce5993c3d0f4b0e855c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff13c90d7f7ab606b37be6d15140d19013d6736c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/bridge: Add missing pm_runtime_put_sync", "id": "2347820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347820"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/bridge: Add missing pm_runtime_put_sync\npm_runtime_get_sync() will increase the rumtime PM counter\neven when it returns an error. Thus a pairing decrement is needed\nto prevent refcount leak. Fix this by replacing this API with\npm_runtime_resume_and_get(), which will not change the runtime\nPM counter on error. Besides, a matching decrement is needed\non the error handling path to keep the counter balanced."], "name": "CVE-2022-49128", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49128\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49128\nhttps://lore.kernel.org/linux-cve-announce/2025022605-CVE-2022-49128-8459@gregkh/T"], "threat_severity": "Moderate"}