CVE-2022-50331
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() Inject fault while probing module, if device_register() fails, but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup(). unreferenced object 0xffff88810152ad20 (size 8): comm "modprobe", pid 252, jiffies 4294849206 (age 22.713s) hex dump (first 8 bytes): 68 77 73 69 6d 30 00 ff hwsim0.. backtrace: [<000000009c3504ed>] __kmalloc_node_track_caller+0x44/0x1b0 [<00000000c0228a5e>] kvasprintf+0xb5/0x140 [<00000000cff8c21f>] kvasprintf_const+0x55/0x180 [<0000000055a1e073>] kobject_set_name_vargs+0x56/0x150 [<000000000a80b139>] dev_set_name+0xab/0xe0
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50331
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.14 (inc) to 5.15.76 (exc)
linux linux_kernel From 5.16 (inc) to 6.0.6 (exc)
linux linux_kernel 6.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a possible memory leak in the Linux kernel's wwan_hwsim module. When the device_register() function fails during module probing, the reference count of a kernel object (kobject) is not properly decreased to zero. As a result, the memory allocated for the device name in dev_set_name() is not freed, causing a memory leak. The fix involves calling put_device() to ensure the allocated name is freed during the kobject_cleanup() callback.

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel when the wwan_hwsim module fails to register a device. Over time, repeated failures could consume system memory unnecessarily, potentially degrading system performance or stability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50331. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart