CVE-2022-50669Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count6 documents5 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and info is freed in info_release().

Affected Packages4 packages

Linuxlinux/linux_kernel5.2.05.4.229+4
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux75ca758adbafc81804c39b2c200ecdc819a6c0420cd05062371a49774e8a45258bdedf0bd6d3d327+6
debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

3
OSV
misc: ocxl: fix possible name leak in ocxl_file_register_afu()2025-12-09
GHSA
GHSA-ffpg-m95f-r6q9: In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_registe2025-12-09
OSV
CVE-2022-50669: In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register(2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: misc: ocxl: fix possible name leak in ocxl_file_register_afu()2025-12-09
Debian
CVE-2022-50669: linux - In the Linux kernel, the following vulnerability has been resolved: misc: ocxl:...2022