CVE-2022-50304
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in init_mtd() I got the error report while inject fault in init_mtd(): sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace: <TASK> dump_stack_lvl+0x67/0x83 sysfs_warn_dup+0x60/0x70 sysfs_create_dir_ns+0x109/0x120 kobject_add_internal+0xce/0x2f0 kobject_add+0x98/0x110 device_add+0x179/0xc00 device_create_groups_vargs+0xf4/0x100 device_create+0x7b/0xb0 bdi_register_va.part.13+0x58/0x2d0 bdi_register+0x9b/0xb0 init_mtd+0x62/0x171 [mtd] do_one_initcall+0x6c/0x3c0 do_init_module+0x58/0x222 load_module+0x268e/0x27d0 __do_sys_finit_module+0xd5/0x140 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> kobject_add_internal failed for mtd-0 with -EEXIST, don't try to register things with the same name in the same directory. Error registering mtd class or bdi: -17 If init_mtdchar() fails in init_mtd(), mtd_bdi will not be unregistered, as a result, we can't load the mtd module again, to fix this by calling bdi_unregister(mtd_bdi) after out_procfs label.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-04
Generated
2026-05-07
AI Q&A
2025-09-15
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50304
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.10 (inc) to 6.0.16 (exc)
linux linux_kernel From 6.1 (inc) to 6.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a resource leak in the Linux kernel's mtd (memory technology device) core, specifically in the init_mtd() function. When init_mtdchar() fails during initialization, the mtd_bdi (backing device info) is not unregistered properly. This causes an error where the system cannot create duplicate filenames in sysfs, preventing the mtd module from being loaded again. The fix involves ensuring that bdi_unregister(mtd_bdi) is called to clean up resources after failure.


How can this vulnerability impact me? :

This vulnerability can cause the mtd module to fail to load again after an initialization failure due to resource leakage. This can lead to system instability or inability to properly manage memory technology devices, potentially affecting system functionality that relies on these devices.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing error messages related to duplicate sysfs entries for mtd devices, such as 'sysfs: cannot create duplicate filename \'/devices/virtual/bdi/mtd-0\'' and errors like 'kobject_add_internal failed for mtd-0 with -EEXIST'. Checking kernel logs (e.g., using 'dmesg' or 'journalctl -k') for these specific errors can help identify the issue. Commands to detect this include: 'dmesg | grep mtd', 'dmesg | grep sysfs', or 'journalctl -k | grep mtd'.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the Linux kernel is updated to a version where the fix is applied, which involves calling bdi_unregister(mtd_bdi) after the out_procfs label in init_mtd() to prevent resource leaks and allow the mtd module to be reloaded properly. Until the update is applied, avoid repeatedly loading and unloading the mtd module to prevent the resource leak and duplicate sysfs entries.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart