CVE-2022-50484Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-911Improper Update of Reference Count5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at the middle of the sync EP URB allocation loop, the partially allocated URBs might be left without released, because ep->nurbs is still zero at that point. Fix it by setting ep->nurbs at first, so that t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel3.54.9.331+7
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linux8fdff6a319e7dac757c558bd283dc4577e68cde70604e5e5537af099ea2f6dfd892afe5c92db8a80+9
debiandebian/linux< linux 6.0.3-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-fp6r-c5g5-wqvg: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allo2025-10-04
OSV
CVE-2022-50484: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at alloca2025-10-04

📋Vendor Advisories

2
Red Hat
kernel: ALSA: usb-audio: Fix potential memory leaks2025-10-04
Debian
CVE-2022-50484: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a...2022