CVE-2022-50632 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents5 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init() tad_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_multi_state() in fail path. Similar to the handling of arm_ccn_init() in commit 26242b330093 ("bus: arm-ccn: Prevent hotplug callback leak")

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.17.0 — 6.0.16+1

▶Debianlinux/linux_kernel< 6.1.4-1+2

▶CVEListV5linux/linux036a7584bede317d0df6b854e4f531b7a2dd8b33 — 367404bfd1aa87b2a50059cd8edc6c12c367cd15+3

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-4j33-p5x7-pgpc: In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init() tad_pm↗2025-12-09

▶

OSV

CVE-2022-50632: In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init() tad_pmu_↗2025-12-09

▶

OSV

drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init()↗2025-12-08

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Local denial of service in marvell_cn10k perf driver↗2025-12-09

▶

Debian

CVE-2022-50632: linux - In the Linux kernel, the following vulnerability has been resolved: drivers: pe...↗2022

▶