CVE-2022-50578Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime6 documents5 sources
Severity
5.5MEDIUM
No vector
EPSS
0.1%
top 83.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in __class_register() If class_add_groups() returns error, the 'cp->subsys' need be unregister, and the 'cp' need be freed. We can not call kset_unregister() here, because the 'cls' will be freed in callback function class_release() and it's also freed in caller's error path, it will cause double free. So fix this by calling kobject_del() and kfree_const(name) to cleanup kobject. Besides, call

Affected Packages4 packages

Linuxlinux/linux_kernel4.10.04.14.303+6
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linuxced6473e7486702f530a49f886b73195e49777344efa5443817c1b6de22d401aeca5b2481e835f8c+8
debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

3
OSV
class: fix possible memory leak in __class_register()2025-10-22
GHSA
GHSA-x9pw-p3r7-mr43: In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in __class_register() If class_add_groups() retu2025-10-22
OSV
CVE-2022-50578: In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in __class_register() If class_add_groups() return2025-10-22

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Memory leak in __class_register()2025-10-22
Debian
CVE-2022-50578: linux - In the Linux kernel, the following vulnerability has been resolved: class: fix ...2022