{"id":"CVE-2022-50283","summary":"mtd: core: add missing of_node_get() in dynamic partitions code","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: core: add missing of_node_get() in dynamic partitions code\n\nThis fixes unbalanced of_node_put():\n[    1.078910] 6 cmdlinepart partitions found on MTD device gpmi-nand\n[    1.085116] Creating 6 MTD partitions on \"gpmi-nand\":\n[    1.090181] 0x000000000000-0x000008000000 : \"nandboot\"\n[    1.096952] 0x000008000000-0x000009000000 : \"nandfit\"\n[    1.103547] 0x000009000000-0x00000b000000 : \"nandkernel\"\n[    1.110317] 0x00000b000000-0x00000c000000 : \"nanddtb\"\n[    1.115525] ------------[ cut here ]------------\n[    1.120141] refcount_t: addition on 0; use-after-free.\n[    1.125328] WARNING: CPU: 0 PID: 1 at lib/refcount.c:25 refcount_warn_saturate+0xdc/0x148\n[    1.133528] Modules linked in:\n[    1.136589] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc7-next-20220930-04543-g8cf3f7\n[    1.146342] Hardware name: Freescale i.MX8DXL DDR3L EVK (DT)\n[    1.151999] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    1.158965] pc : refcount_warn_saturate+0xdc/0x148\n[    1.163760] lr : refcount_warn_saturate+0xdc/0x148\n[    1.168556] sp : ffff800009ddb080\n[    1.171866] x29: ffff800009ddb080 x28: ffff800009ddb35a x27: 0000000000000002\n[    1.179015] x26: ffff8000098b06ad x25: ffffffffffffffff x24: ffff0a00ffffff05\n[    1.186165] x23: ffff00001fdf6470 x22: ffff800009ddb367 x21: 0000000000000000\n[    1.193314] x20: ffff00001fdfebe8 x19: ffff00001fdfec50 x18: ffffffffffffffff\n[    1.200464] x17: 0000000000000000 x16: 0000000000000118 x15: 0000000000000004\n[    1.207614] x14: 0000000000000fff x13: ffff800009bca248 x12: 0000000000000003\n[    1.214764] x11: 00000000ffffefff x10: c0000000ffffefff x9 : 4762cb2ccb52de00\n[    1.221914] x8 : 4762cb2ccb52de00 x7 : 205d313431303231 x6 : 312e31202020205b\n[    1.229063] x5 : ffff800009d55c1f x4 : 0000000000000001 x3 : 0000000000000000\n[    1.236213] x2 : 0000000000000000 x1 : ffff800009954be6 x0 : 000000000000002a\n[    1.243365] Call trace:\n[    1.245806]  refcount_warn_saturate+0xdc/0x148\n[    1.250253]  kobject_get+0x98/0x9c\n[    1.253658]  of_node_get+0x20/0x34\n[    1.257072]  of_fwnode_get+0x3c/0x54\n[    1.260652]  fwnode_get_nth_parent+0xd8/0xf4\n[    1.264926]  fwnode_full_name_string+0x3c/0xb4\n[    1.269373]  device_node_string+0x498/0x5b4\n[    1.273561]  pointer+0x41c/0x5d0\n[    1.276793]  vsnprintf+0x4d8/0x694\n[    1.280198]  vprintk_store+0x164/0x528\n[    1.283951]  vprintk_emit+0x98/0x164\n[    1.287530]  vprintk_default+0x44/0x6c\n[    1.291284]  vprintk+0xf0/0x134\n[    1.294428]  _printk+0x54/0x7c\n[    1.297486]  of_node_release+0xe8/0x128\n[    1.301326]  kobject_put+0x98/0xfc\n[    1.304732]  of_node_put+0x1c/0x28\n[    1.308137]  add_mtd_device+0x484/0x6d4\n[    1.311977]  add_mtd_partitions+0xf0/0x1d0\n[    1.316078]  parse_mtd_partitions+0x45c/0x518\n[    1.320439]  mtd_device_parse_register+0xb0/0x274\n[    1.325147]  gpmi_nand_probe+0x51c/0x650\n[    1.329074]  platform_probe+0xa8/0xd0\n[    1.332740]  really_probe+0x130/0x334\n[    1.336406]  __driver_probe_device+0xb4/0xe0\n[    1.340681]  driver_probe_device+0x3c/0x1f8\n[    1.344869]  __driver_attach+0xdc/0x1a4\n[    1.348708]  bus_for_each_dev+0x80/0xcc\n[    1.352548]  driver_attach+0x24/0x30\n[    1.356127]  bus_add_driver+0x108/0x1f4\n[    1.359967]  driver_register+0x78/0x114\n[    1.363807]  __platform_driver_register+0x24/0x30\n[    1.368515]  gpmi_nand_driver_init+0x1c/0x28\n[    1.372798]  do_one_initcall+0xbc/0x238\n[    1.376638]  do_initcall_level+0x94/0xb4\n[    1.380565]  do_initcalls+0x54/0x94\n[    1.384058]  do_basic_setup+0x1c/0x28\n[    1.387724]  kernel_init_freeable+0x110/0x188\n[    1.392084]  kernel_init+0x20/0x1a0\n[    1.395578]  ret_from_fork+0x10/0x20\n[    1.399157] ---[ end trace 0000000000000000 ]---\n[    1.403782] ------------[ cut here ]------------","modified":"2026-04-02T08:28:22.453888Z","published":"2025-09-15T14:21:19.574Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50283.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/12b58961de0bd88b3c7dfa5d21f6d67f4678b780"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9e54ce00505d291ef88f2c05e5eef46269daf83c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50283.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50283"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ad9b10d1eaada169bd764abcab58f08538877e26"},{"fixed":"9e54ce00505d291ef88f2c05e5eef46269daf83c"},{"fixed":"12b58961de0bd88b3c7dfa5d21f6d67f4678b780"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50283.json"}}],"schema_version":"1.7.5"}