CVE-2022-50113
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak bug in the Linux kernel's audio-graph-card2 component, specifically in the __graph_get_type() function. The issue arises because the function fails to properly call of_node_put() to decrement the reference count obtained from of_get_parent(), leading to a leak of references.
How can this vulnerability impact me? :
The impact of this vulnerability is a resource leak in the kernel due to unreleased references, which could potentially lead to increased memory usage or instability in the audio subsystem of the Linux kernel. However, no specific exploit or direct security impact is described.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Linux kernel to a version where the ASoc: audio-graph-card2 refcount leak bug in __graph_get_type() has been fixed. This involves applying the patch that ensures of_node_put() is called appropriately to prevent the refcount leak.