CVE-2022-50105
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's powerpc/spufs component. Specifically, the function of_find_node_by_path() returns a remote device node pointer with its reference count incremented, but the code did not properly decrement the reference count by calling of_node_put() when done. This missing call causes a refcount leak, which has been fixed by adding the missing of_node_put() call.
How can this vulnerability impact me? :
The vulnerability causes a reference count leak in the kernel, which can lead to resource leaks and potentially degrade system stability or performance over time. However, there is no indication that it leads to direct security breaches such as privilege escalation or data corruption.