CVE-2022-48831

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48831
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48831.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48831
Downstream
Related
Published
2024-07-16T11:44:14Z
Modified
2025-10-14T20:45:02.766443Z
Summary
ima: fix reference leak in asymmetric_verify()
Details

In the Linux kernel, the following vulnerability has been resolved:

ima: fix reference leak in asymmetric_verify()

Don't leak a reference to the key if its algorithm is unknown.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
947d70597236dd5ae65c1f68c8eabfb962ee5a6b
Fixed
0838d6d68182f0b28a5434bc6d50727c4757e35b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
947d70597236dd5ae65c1f68c8eabfb962ee5a6b
Fixed
89f586d3398f4cc0432ed870949dffb702940754
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
947d70597236dd5ae65c1f68c8eabfb962ee5a6b
Fixed
926fd9f23b27ca6587492c3f58f4c7f4cd01dad5

Affected versions

v5.*

v5.12
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17-rc1

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1197.0,
                "function_hash": "8052089880499931427338839040188009419"
            },
            "target": {
                "function": "asymmetric_verify",
                "file": "security/integrity/digsig_asymmetric.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0838d6d68182f0b28a5434bc6d50727c4757e35b",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-48831-3126c1dc"
        },
        {
            "digest": {
                "length": 1197.0,
                "function_hash": "8052089880499931427338839040188009419"
            },
            "target": {
                "function": "asymmetric_verify",
                "file": "security/integrity/digsig_asymmetric.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f586d3398f4cc0432ed870949dffb702940754",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-48831-82cc562f"
        },
        {
            "digest": {
                "line_hashes": [
                    "165181651406495337060742347267139827640",
                    "57895297033500067006156381899269088393",
                    "87518421080827079004527637030161364142",
                    "187797553276972267500841793096129180491",
                    "175481132813434670287070635682966532310",
                    "174613814635862324025201258825987469435",
                    "298126376253181122262609880192198891899",
                    "262633891891198740551295388491348691062",
                    "328931230286018214554063804027560002347",
                    "273368267840084248945733071949776375828",
                    "307240864581471844342906563874394823976",
                    "185889615368510371377276245623998986902",
                    "198086700539896322955245820677690838956",
                    "229386476926545909295085123103263115044",
                    "219393745128093848900256476258169417608",
                    "224468335340725167726786151981742660961",
                    "59549511137353279212069264313374856030"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "security/integrity/digsig_asymmetric.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f586d3398f4cc0432ed870949dffb702940754",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-48831-c6531281"
        },
        {
            "digest": {
                "length": 1197.0,
                "function_hash": "8052089880499931427338839040188009419"
            },
            "target": {
                "function": "asymmetric_verify",
                "file": "security/integrity/digsig_asymmetric.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@926fd9f23b27ca6587492c3f58f4c7f4cd01dad5",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-48831-d1b48d6e"
        },
        {
            "digest": {
                "line_hashes": [
                    "165181651406495337060742347267139827640",
                    "57895297033500067006156381899269088393",
                    "87518421080827079004527637030161364142",
                    "187797553276972267500841793096129180491",
                    "175481132813434670287070635682966532310",
                    "174613814635862324025201258825987469435",
                    "298126376253181122262609880192198891899",
                    "262633891891198740551295388491348691062",
                    "328931230286018214554063804027560002347",
                    "273368267840084248945733071949776375828",
                    "307240864581471844342906563874394823976",
                    "185889615368510371377276245623998986902",
                    "198086700539896322955245820677690838956",
                    "229386476926545909295085123103263115044",
                    "219393745128093848900256476258169417608",
                    "224468335340725167726786151981742660961",
                    "59549511137353279212069264313374856030"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "security/integrity/digsig_asymmetric.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0838d6d68182f0b28a5434bc6d50727c4757e35b",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-48831-d4731109"
        },
        {
            "digest": {
                "line_hashes": [
                    "165181651406495337060742347267139827640",
                    "57895297033500067006156381899269088393",
                    "87518421080827079004527637030161364142",
                    "187797553276972267500841793096129180491",
                    "175481132813434670287070635682966532310",
                    "174613814635862324025201258825987469435",
                    "298126376253181122262609880192198891899",
                    "262633891891198740551295388491348691062",
                    "328931230286018214554063804027560002347",
                    "273368267840084248945733071949776375828",
                    "307240864581471844342906563874394823976",
                    "185889615368510371377276245623998986902",
                    "198086700539896322955245820677690838956",
                    "229386476926545909295085123103263115044",
                    "219393745128093848900256476258169417608",
                    "224468335340725167726786151981742660961",
                    "59549511137353279212069264313374856030"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "security/integrity/digsig_asymmetric.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@926fd9f23b27ca6587492c3f58f4c7f4cd01dad5",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-48831-e0358a76"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.15.24
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.10