CVE-2022-50544 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 7
Latest updateApr 20
Description
In the Linux kernel, the following vulnerability has been resolved:
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
xhci_alloc_stream_info() allocates stream context array for stream_info
->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,
stream_info->stream_ctx_array is not released, which will lead to a
memory leak.
We can fix it by releasing the stream_info->stream_ctx_array with
xhci_free_stream_ctx() on the error path to avoid the potential me…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux8df75f42f8e67e2851cdcf6da91640fb881defd1 — 7fc6bab3413e6a42bb1264ff7c9149808c93a4c7+9
Patches
🔴Vulnerability Details
3VulDB▶
Linux Kernel up to 6.0.2 usb xhci_alloc_stream_info memory leak (Nessus ID 284771 / WID-SEC-2025-2229)↗2026-04-20
GHSA▶
GHSA-529p-w982-9f3h: In the Linux kernel, the following vulnerability has been resolved:
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
xhci_allo↗2025-10-07
OSV▶
CVE-2022-50544: In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() xhci_alloc_↗2025-10-07