CVE-2022-49861: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
A clk_prepare_enable() call in the probe is not balanced by a corresponding
clk_disable_unprepare() in the remove function.
Add the missing call.
Security readout for executives and security teams
Plain-English summary
CVE-2022-49861 is a Linux kernel resource leak in the Marvell XOR v2 DMA engine driver. A local user with low privileges could trigger an availability impact on affected systems. The provided sources do not show data theft, data modification, remote exploitation, or confirmed active exploitation.
Executive priority
Treat as a routine but real availability risk. It should be included in normal Linux kernel patch cycles, with higher priority for systems allowing local user access or running relevant Marvell DMA hardware support.
Technical view
The kernel driver probe enables a clock with clk_prepare_enable(), but mv_xor_v2_remove() lacked the matching clk_disable_unprepare(). The fix adds that missing cleanup call. CVSS 3.1 is 5.5 with local attack vector, low privileges, no user interaction, and high availability impact only.
Likely exposure
Exposure appears limited to affected Linux kernel versions where the mv_xor_v2 DMA engine driver is present or built into deployed kernels. Systems without this driver or outside the listed affected versions are less likely exposed, but confirm against vendor kernel packages.
Exploitation context
The source bundle marks KEV as false and provides no evidence of active exploitation. The CVSS vector indicates local, low-complexity exploitation requiring low privileges, with impact limited to availability. No remote attack path is supported by the provided sources.
Researcher notes
The evidence is narrow: a missing cleanup call in a specific kernel driver and stable kernel commits fixing it. The bundle does not provide proof-of-concept details, exploitation reports, or vendor-specific package mappings, so validation should rely on kernel source and distribution advisories.
Mitigation direction
Apply Linux vendor kernel updates containing the referenced stable fixes.
Check distribution advisories for the exact fixed package version.
Prioritize systems using affected kernels and the mv_xor_v2 driver.
Reboot into the fixed kernel after patching, if required.
If patching is delayed, reduce local untrusted user access.
Validation and detection
Inventory running kernel versions across Linux assets.
Confirm whether mv_xor_v2 is present, built, or loaded on each system.
Verify vendor changelogs reference CVE-2022-49861 or the stable commit IDs.
Confirm patched source includes clk_disable_unprepare() in mv_xor_v2_remove().
Retire or update affected kernel builds after validation.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-49861 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.