LiveActive security incident?Get immediate response
CVE Record

CVE-2022-49861: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call.

MediumCVSS 5.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2022-49861 is a Linux kernel resource leak in the Marvell XOR v2 DMA engine driver. A local user with low privileges could trigger an availability impact on affected systems. The provided sources do not show data theft, data modification, remote exploitation, or confirmed active exploitation.

Executive priority

Treat as a routine but real availability risk. It should be included in normal Linux kernel patch cycles, with higher priority for systems allowing local user access or running relevant Marvell DMA hardware support.

Technical view

The kernel driver probe enables a clock with clk_prepare_enable(), but mv_xor_v2_remove() lacked the matching clk_disable_unprepare(). The fix adds that missing cleanup call. CVSS 3.1 is 5.5 with local attack vector, low privileges, no user interaction, and high availability impact only.

Likely exposure

Exposure appears limited to affected Linux kernel versions where the mv_xor_v2 DMA engine driver is present or built into deployed kernels. Systems without this driver or outside the listed affected versions are less likely exposed, but confirm against vendor kernel packages.

Exploitation context

The source bundle marks KEV as false and provides no evidence of active exploitation. The CVSS vector indicates local, low-complexity exploitation requiring low privileges, with impact limited to availability. No remote attack path is supported by the provided sources.

Researcher notes

The evidence is narrow: a missing cleanup call in a specific kernel driver and stable kernel commits fixing it. The bundle does not provide proof-of-concept details, exploitation reports, or vendor-specific package mappings, so validation should rely on kernel source and distribution advisories.

Mitigation direction

  • Apply Linux vendor kernel updates containing the referenced stable fixes.
  • Check distribution advisories for the exact fixed package version.
  • Prioritize systems using affected kernels and the mv_xor_v2 driver.
  • Reboot into the fixed kernel after patching, if required.
  • If patching is delayed, reduce local untrusted user access.

Validation and detection

  • Inventory running kernel versions across Linux assets.
  • Confirm whether mv_xor_v2 is present, built, or loaded on each system.
  • Verify vendor changelogs reference CVE-2022-49861 or the stable commit IDs.
  • Confirm patched source includes clk_disable_unprepare() in mv_xor_v2_remove().
  • Retire or update affected kernel builds after validation.
Prepared
Confidence
high
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-49861 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
1ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.5CVSS 3.1MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H1.83.6CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

5.5Medium
CVSS 3.1 vector shape for CVE-2022-49861Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux3bdcced41936b054470639c6a76ae033df1074e3, 2299285fb1819ef8459c116fd1eafe1458bb9ca1, 3cd2c313f1d618f92d1294addc6c685c17065761, 3cd2c313f1d618f92d1294addc6c685c17065761, 3cd2c313f1d618f92d1294addc6c685c17065761, 3cd2c313f1d618f92d1294addc6c685c17065761, 3cd2c313f1d618f92d1294addc6c685c17065761, 3cd2c313f1d618f92d1294addc6c685c17065761, 4.9.104, 4.14.45unaffected
LinuxLinux4.16, 0, 4.9.334, 4.14.300, 4.19.267, 5.4.225, 5.10.155, 5.15.79, 6.0.9, 6.1affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.