{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48852", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.913Z", "datePublished": "2024-07-16T12:25:19.152Z", "dateUpdated": "2024-09-11T17:34:08.418Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T12:25:19.152Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: hdmi: Unregister codec device on unbind\n\nOn bind we will register the HDMI codec device but we don't unregister\nit on unbind, leading to a device leakage. Unregister our device at\nunbind."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vc4/vc4_hdmi.c", "drivers/gpu/drm/vc4/vc4_hdmi.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "ee22082c3e2f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1ed68d776246", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e40945ab7c7f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vc4/vc4_hdmi.c", "drivers/gpu/drm/vc4/vc4_hdmi.h"], "versions": [{"version": "5.15.29", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.15", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ee22082c3e2f230028afa0e22aa8773b1de3c919"}, {"url": "https://git.kernel.org/stable/c/1ed68d776246f167aee9cd79f63f089c40a5e2a3"}, {"url": "https://git.kernel.org/stable/c/e40945ab7c7f966d0c37b7bd7b0596497dfe228d"}], "title": "drm/vc4: hdmi: Unregister codec device on unbind", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.639Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ee22082c3e2f230028afa0e22aa8773b1de3c919", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ed68d776246f167aee9cd79f63f089c40a5e2a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e40945ab7c7f966d0c37b7bd7b0596497dfe228d", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48852", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:26:02.312780Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:08.418Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48852", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.913Z", "datePublished": "2024-07-16T12:25:19.152Z", "dateUpdated": "2024-08-03T15:25:01.639Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T12:25:19.152Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: hdmi: Unregister codec device on unbind\n\nOn bind we will register the HDMI codec device but we don't unregister\nit on unbind, leading to a device leakage. Unregister our device at\nunbind."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vc4/vc4_hdmi.c", "drivers/gpu/drm/vc4/vc4_hdmi.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "ee22082c3e2f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1ed68d776246", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e40945ab7c7f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vc4/vc4_hdmi.c", "drivers/gpu/drm/vc4/vc4_hdmi.h"], "versions": [{"version": "5.15.29", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.15", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ee22082c3e2f230028afa0e22aa8773b1de3c919"}, {"url": "https://git.kernel.org/stable/c/1ed68d776246f167aee9cd79f63f089c40a5e2a3"}, {"url": "https://git.kernel.org/stable/c/e40945ab7c7f966d0c37b7bd7b0596497dfe228d"}], "title": "drm/vc4: hdmi: Unregister codec device on unbind", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48852", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:26:02.312780Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:20.919Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "19FA1597-045C-49EE-96B7-3CEF5B43002F", "versionEndExcluding": "5.15.29", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335", "versionEndExcluding": "5.16.15", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: hdmi: Unregister codec device on unbind\n\nOn bind we will register the HDMI codec device but we don't unregister\nit on unbind, leading to a device leakage. Unregister our device at\nunbind."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/vc4: hdmi: Anular el registro del dispositivo c\u00f3dec al desvincular. Al vincular, registraremos el dispositivo c\u00f3dec HDMI pero no lo cancelaremos al desvincular, lo que provoca una fuga del dispositivo. Dar de baja nuestro dispositivo en unbind."}], "id": "CVE-2022-48852", "lastModified": "2024-07-23T15:53:16.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T13:15:12.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1ed68d776246f167aee9cd79f63f089c40a5e2a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e40945ab7c7f966d0c37b7bd7b0596497dfe228d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ee22082c3e2f230028afa0e22aa8773b1de3c919"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/vc4: hdmi: Unregister codec device on unbind", "id": "2298193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298193"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/vc4: hdmi: Unregister codec device on unbind\nOn bind we will register the HDMI codec device but we don't unregister\nit on unbind, leading to a device leakage. Unregister our device at\nunbind.", "A flaw was found in Unbind. On Bind, the HDMI codec device is registered but not unregistered on Unbind, leading to a device leakage."], "name": "CVE-2022-48852", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48852\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48852\nhttps://lore.kernel.org/linux-cve-announce/2024071625-CVE-2022-48852-9475@gregkh/T"], "statement": "No Red Hat products are affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.29, kernel 5.16.15, kernel 5.17"}