CVE-2022-50633 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents5 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 89.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init of_icc_get() alloc resources for path handle, we should release it when not need anymore. Like the release in dwc3_qcom_interconnect_exit() function. Add icc_put() in error handling to fix this.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.10.0 — 5.10.163+3

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linuxbea46b9815154ac47baf16b64022d791a4471375 — f9089b95548f0272e02a89989c511e235561d051+5

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

OSV

usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init↗2025-12-09

▶

GHSA

GHSA-hrx8-h9vp-3pj7: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init of_icc_get() all↗2025-12-09

▶

OSV

CVE-2022-50633: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init of_icc_get() alloc↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init↗2025-12-09

▶

Debian

CVE-2022-50633: linux - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ...↗2022

▶