{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48776", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.062Z", "datePublished": "2024-07-16T11:13:15.197Z", "dateUpdated": "2025-05-04T12:43:41.958Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:43:41.958Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix missing free for pparts in cleanup\n\nMtdpart doesn't free pparts when a cleanup function is declared.\nAdd missing free for pparts in cleanup function for smem to fix the\nleak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mtd/parsers/qcomsmempart.c"], "versions": [{"version": "10f3b4d79958d6f9f71588c6fa862159c83fa80f", "lessThan": "3eb5185896a68373714dc7d0009111744adc3345", "status": "affected", "versionType": "git"}, {"version": "10f3b4d79958d6f9f71588c6fa862159c83fa80f", "lessThan": "1b37889f9a151d26a3fb0d3870f6e1046dee2e24", "status": "affected", "versionType": "git"}, {"version": "10f3b4d79958d6f9f71588c6fa862159c83fa80f", "lessThan": "3dd8ba961b9356c4113b96541c752c73d98fef70", "status": "affected", "versionType": "git"}, {"version": "af86e36c583300e10a52e3b3348c88a69fc0c552", "status": "affected", "versionType": "git"}, {"version": "765beb5ef9da4fecb50210decd55dd24187a0698", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mtd/parsers/qcomsmempart.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.25", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.11", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.25"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.16.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345"}, {"url": "https://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24"}, {"url": "https://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70"}], "title": "mtd: parsers: qcom: Fix missing free for pparts in cleanup", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.886Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:00:33.435132Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:17.583Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.886Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:00:33.435132Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:21.829Z"}}], "cna": {"title": "mtd: parsers: qcom: Fix missing free for pparts in cleanup", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "10f3b4d79958d6f9f71588c6fa862159c83fa80f", "lessThan": "3eb5185896a68373714dc7d0009111744adc3345", "versionType": "git"}, {"status": "affected", "version": "10f3b4d79958d6f9f71588c6fa862159c83fa80f", "lessThan": "1b37889f9a151d26a3fb0d3870f6e1046dee2e24", "versionType": "git"}, {"status": "affected", "version": "10f3b4d79958d6f9f71588c6fa862159c83fa80f", "lessThan": "3dd8ba961b9356c4113b96541c752c73d98fef70", "versionType": "git"}, {"status": "affected", "version": "af86e36c583300e10a52e3b3348c88a69fc0c552", "versionType": "git"}, {"status": "affected", "version": "765beb5ef9da4fecb50210decd55dd24187a0698", "versionType": "git"}], "programFiles": ["drivers/mtd/parsers/qcomsmempart.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.14"}, {"status": "unaffected", "version": "0", "lessThan": "5.14", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.25", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.11", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/mtd/parsers/qcomsmempart.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345"}, {"url": "https://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24"}, {"url": "https://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix missing free for pparts in cleanup\n\nMtdpart doesn't free pparts when a cleanup function is declared.\nAdd missing free for pparts in cleanup function for smem to fix the\nleak."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.25", "versionStartIncluding": "5.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.16.11", "versionStartIncluding": "5.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.17", "versionStartIncluding": "5.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.12.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.13.2"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:43:41.958Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48776", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:43:41.958Z", "dateReserved": "2024-06-20T11:09:39.062Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T11:13:15.197Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB1D52E-21AB-4ECE-9119-6594F8FF3B3A", "versionEndExcluding": "5.13", "versionStartIncluding": "5.12.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E501AE-F8EF-4D2C-A2F0-31EC5903CEE2", "versionEndExcluding": "5.15.25", "versionStartIncluding": "5.13.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D327234-5D4A-43DC-A6DF-BCA0CEBEC039", "versionEndExcluding": "5.16.11", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix missing free for pparts in cleanup\n\nMtdpart doesn't free pparts when a cleanup function is declared.\nAdd missing free for pparts in cleanup function for smem to fix the\nleak."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: parsers: qcom: Corrige la falta de espacio libre para pparts en la limpieza Mtdpart no libera pparts cuando se declara una funci\u00f3n de limpieza. Agregue piezas libres faltantes en la funci\u00f3n de limpieza para que smem arregle la fuga."}], "id": "CVE-2022-48776", "lastModified": "2025-09-24T18:16:14.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T12:15:02.867", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1b37889f9a151d26a3fb0d3870f6e1046dee2e24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3dd8ba961b9356c4113b96541c752c73d98fef70"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3eb5185896a68373714dc7d0009111744adc3345"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mtd: parsers: qcom: Fix missing free for pparts in cleanup", "id": "2298112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298112"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-459", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmtd: parsers: qcom: Fix missing free for pparts in cleanup\nMtdpart doesn't free pparts when a cleanup function is declared.\nAdd missing free for pparts in cleanup function for smem to fix the\nleak."], "name": "CVE-2022-48776", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48776\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48776\nhttps://lore.kernel.org/linux-cve-announce/2024071631-CVE-2022-48776-9882@gregkh/T"], "threat_severity": "Low"}