CVE-2022-49047

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-49047

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49047.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-49047

Downstream

DEBIAN-CVE-2022-49047

UBUNTU-CVE-2022-49047

Published

2025-02-26T01:54:23.471Z

Modified

2026-03-11T02:04:29.058264Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

ep93xx: clock: Fix UAF in ep93xx_clk_register_gate()

Details

In the Linux kernel, the following vulnerability has been resolved:

ep93xx: clock: Fix UAF in ep93xxclkregister_gate()

arch/arm/mach-ep93xx/clock.c:154:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] arch/arm/mach-ep93xx/clock.c:151:2: note: Taking true branch if (IS_ERR(clk)) ^ arch/arm/mach-ep93xx/clock.c:152:3: note: Memory is released kfree(psc); ^~~~~~~~~~ arch/arm/mach-ep93xx/clock.c:154:2: note: Use of memory after it is freed return &psc->hw; ^ ~~~~~~~~

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49047.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9645ccc7bd7a16cd73c3be9dee70cd702b03be37

Fixed

0f12166872da46c6b57ba2f1314bbf310b3bf017

Fixed

3b68b08885217abd9c57ff9b3bb3eb173eee02a9

Affected versions

v5.*

v5.15

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

v5.17.2

v5.17.3

v5.18-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "arch/arm/mach-ep93xx/clock.c",
            "function": "ep93xx_clk_register_gate"
        },
        "id": "CVE-2022-49047-db043c1c",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0f12166872da46c6b57ba2f1314bbf310b3bf017",
        "digest": {
            "function_hash": "271506025367220011500996291892137337707",
            "length": 625.0
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "arch/arm/mach-ep93xx/clock.c"
        },
        "id": "CVE-2022-49047-dfee4553",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0f12166872da46c6b57ba2f1314bbf310b3bf017",
        "digest": {
            "line_hashes": [
                "16004323006525376600948697784538907812",
                "34548351323623826100877482660969052835",
                "80615578458355565797182614175609053861",
                "16306278921531847629326326188943703110",
                "69462182876611904457693727189697212953"
            ],
            "threshold": 0.9
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49047.json"