CVE-2022-50146
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's PCI component where, if the function dw_pcie_ep_init() fails after initializing EPC memory and allocating MSI memory, it does not properly clean up the allocated MSI memory. This results in a memory leak because the allocated memory is not deallocated when an error occurs.
How can this vulnerability impact me? :
The impact of this vulnerability is a memory leak in the Linux kernel's PCI subsystem. Over time, this could lead to increased memory usage and potentially degrade system performance or stability if the leak occurs repeatedly or in critical systems.