CVE-2022-50702 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() Inject fault while probing module, if device_register() fails in vdpasim_net_init() or vdpasim_blk_init(), but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup(). (vdpa_sim_net) unreferenced object 0xffff88…

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.12.0 — 5.15.87+2

▶Debianlinux/linux_kernel< 6.1.7-1+2

▶CVEListV5linux/linuxa3c06ae158dd6fa8336157c31d9234689d068d02 — 586e6fd7d581f987f7d0d2592edf0b26397e783e+4

▶debiandebian/linux< linux 6.1.7-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-p22c-78xj-4fp8: In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()↗2025-12-24

▶

OSV

CVE-2022-50702: In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() In↗2025-12-24

▶

OSV

vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Memory leak in vdpa_sim leading to denial of service↗2025-12-24

▶

Debian

CVE-2022-50702: linux - In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: f...↗2022

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50702 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶