CVE-2022-50646 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents5 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 85.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsa_init_one() The hpda_alloc_ctlr_info() allocates h and its field reply_map. However, in hpsa_init_one(), if alloc_percpu() failed, the hpsa_init_one() jumps to clean1 directly, which frees h and leaks the h->reply_map. Fix by calling hpda_free_ctlr_info() to release h->replay_map and h instead free h directly.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.16.0 — 4.19.270+5

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linux8b834bff1b73dce46f4e9f5e84af6f73fed8b0ef — f4d1c14e8b404766ff2bb8644bb19443d73965de+8

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

OSV

scsi: hpsa: Fix possible memory leak in hpsa_init_one()↗2025-12-09

▶

OSV

CVE-2022-50646: In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsa_init_one() The hpda_alloc_ctlr_info()↗2025-12-09

▶

GHSA

GHSA-23j2-8hh8-295f: In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsa_init_one() The hpda_alloc_ctlr_info↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: scsi: hpsa: Fix possible memory leak in hpsa_init_one()↗2025-12-09

▶

Debian

CVE-2022-50646: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa:...↗2022

▶