CVE-2022-50139
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-11-18
Generated
2026-05-07
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50139
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-Other
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a reference count leak in the Linux kernel's usb aspeed-vhub driver, specifically in the function ast_vhub_init_desc(). The issue occurs because the function of_node_put() was not called for the reference returned by of_get_child_by_name(), which caused the reference count to increase improperly and not be released.


How can this vulnerability impact me? :

The impact of this vulnerability is a resource leak in the kernel due to the reference count not being properly decremented. This could potentially lead to increased memory usage or instability in the usb aspeed-vhub driver, but specific impacts are not detailed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart