CVE-2022-48831

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48831
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48831.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48831
Downstream
Related
Published
2024-07-16T11:44:14.639Z
Modified
2025-11-19T12:36:40.032351Z
Summary
ima: fix reference leak in asymmetric_verify()
Details

In the Linux kernel, the following vulnerability has been resolved:

ima: fix reference leak in asymmetric_verify()

Don't leak a reference to the key if its algorithm is unknown.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
947d70597236dd5ae65c1f68c8eabfb962ee5a6b
Fixed
0838d6d68182f0b28a5434bc6d50727c4757e35b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
947d70597236dd5ae65c1f68c8eabfb962ee5a6b
Fixed
89f586d3398f4cc0432ed870949dffb702940754
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
947d70597236dd5ae65c1f68c8eabfb962ee5a6b
Fixed
926fd9f23b27ca6587492c3f58f4c7f4cd01dad5

Affected versions

v5.*

v5.12
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17-rc1

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "security/integrity/digsig_asymmetric.c",
            "function": "asymmetric_verify"
        },
        "signature_version": "v1",
        "id": "CVE-2022-48831-3126c1dc",
        "digest": {
            "length": 1197.0,
            "function_hash": "8052089880499931427338839040188009419"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0838d6d68182f0b28a5434bc6d50727c4757e35b",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "security/integrity/digsig_asymmetric.c",
            "function": "asymmetric_verify"
        },
        "signature_version": "v1",
        "id": "CVE-2022-48831-82cc562f",
        "digest": {
            "length": 1197.0,
            "function_hash": "8052089880499931427338839040188009419"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f586d3398f4cc0432ed870949dffb702940754",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "security/integrity/digsig_asymmetric.c"
        },
        "signature_version": "v1",
        "id": "CVE-2022-48831-c6531281",
        "digest": {
            "line_hashes": [
                "165181651406495337060742347267139827640",
                "57895297033500067006156381899269088393",
                "87518421080827079004527637030161364142",
                "187797553276972267500841793096129180491",
                "175481132813434670287070635682966532310",
                "174613814635862324025201258825987469435",
                "298126376253181122262609880192198891899",
                "262633891891198740551295388491348691062",
                "328931230286018214554063804027560002347",
                "273368267840084248945733071949776375828",
                "307240864581471844342906563874394823976",
                "185889615368510371377276245623998986902",
                "198086700539896322955245820677690838956",
                "229386476926545909295085123103263115044",
                "219393745128093848900256476258169417608",
                "224468335340725167726786151981742660961",
                "59549511137353279212069264313374856030"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f586d3398f4cc0432ed870949dffb702940754",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "file": "security/integrity/digsig_asymmetric.c",
            "function": "asymmetric_verify"
        },
        "signature_version": "v1",
        "id": "CVE-2022-48831-d1b48d6e",
        "digest": {
            "length": 1197.0,
            "function_hash": "8052089880499931427338839040188009419"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@926fd9f23b27ca6587492c3f58f4c7f4cd01dad5",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "security/integrity/digsig_asymmetric.c"
        },
        "signature_version": "v1",
        "id": "CVE-2022-48831-d4731109",
        "digest": {
            "line_hashes": [
                "165181651406495337060742347267139827640",
                "57895297033500067006156381899269088393",
                "87518421080827079004527637030161364142",
                "187797553276972267500841793096129180491",
                "175481132813434670287070635682966532310",
                "174613814635862324025201258825987469435",
                "298126376253181122262609880192198891899",
                "262633891891198740551295388491348691062",
                "328931230286018214554063804027560002347",
                "273368267840084248945733071949776375828",
                "307240864581471844342906563874394823976",
                "185889615368510371377276245623998986902",
                "198086700539896322955245820677690838956",
                "229386476926545909295085123103263115044",
                "219393745128093848900256476258169417608",
                "224468335340725167726786151981742660961",
                "59549511137353279212069264313374856030"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0838d6d68182f0b28a5434bc6d50727c4757e35b",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "file": "security/integrity/digsig_asymmetric.c"
        },
        "signature_version": "v1",
        "id": "CVE-2022-48831-e0358a76",
        "digest": {
            "line_hashes": [
                "165181651406495337060742347267139827640",
                "57895297033500067006156381899269088393",
                "87518421080827079004527637030161364142",
                "187797553276972267500841793096129180491",
                "175481132813434670287070635682966532310",
                "174613814635862324025201258825987469435",
                "298126376253181122262609880192198891899",
                "262633891891198740551295388491348691062",
                "328931230286018214554063804027560002347",
                "273368267840084248945733071949776375828",
                "307240864581471844342906563874394823976",
                "185889615368510371377276245623998986902",
                "198086700539896322955245820677690838956",
                "229386476926545909295085123103263115044",
                "219393745128093848900256476258169417608",
                "224468335340725167726786151981742660961",
                "59549511137353279212069264313374856030"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@926fd9f23b27ca6587492c3f58f4c7f4cd01dad5",
        "deprecated": false,
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.15.24
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.10