CVE-2022-50154
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a refcount leak in the Linux kernel's PCI mediatek-gen3 driver, specifically in the function mtk_pcie_init_irq_domains(). The function of_get_child_by_name() returns a node pointer with its reference count incremented, but the code was missing a call to of_node_put() to decrement the reference count when the node is no longer needed. This missing call causes a reference count leak.
How can this vulnerability impact me? :
The impact of this vulnerability is a resource leak in the kernel, which could lead to increased memory usage or resource exhaustion over time. This might degrade system performance or stability, especially on systems using the affected mediatek-gen3 PCI driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the refcount leak in mtk_pcie_init_irq_domains(), which adds the missing of_node_put() call. Applying the latest kernel patches from your Linux distribution or vendor is recommended.