CVE-2022-50352
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: hns: fix possible memory leak in hnae_ae_register() Inject fault while probing module, if device_register() fails, but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup(). unreferenced object 0xffff00c01aba2100 (size 128): comm "systemd-udevd", pid 1259, jiffies 4294903284 (age 294.152s) hex dump (first 32 bytes): 68 6e 61 65 30 00 00 00 18 21 ba 1a c0 00 ff ff hnae0....!...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000034783f26>] slab_post_alloc_hook+0xa0/0x3e0 [<00000000748188f2>] __kmem_cache_alloc_node+0x164/0x2b0 [<00000000ab0743e8>] __kmalloc_node_track_caller+0x6c/0x390 [<000000006c0ffb13>] kvasprintf+0x8c/0x118 [<00000000fa27bfe1>] kvasprintf_const+0x60/0xc8 [<0000000083e10ed7>] kobject_set_name_vargs+0x3c/0xc0 [<000000000b87affc>] dev_set_name+0x7c/0xa0 [<000000003fd8fe26>] hnae_ae_register+0xcc/0x190 [hnae] [<00000000fe97edc9>] hns_dsaf_ae_init+0x9c/0x108 [hns_dsaf] [<00000000c36ff1eb>] hns_dsaf_probe+0x548/0x748 [hns_dsaf]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-01
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50352
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.4 (inc) to 4.9.332 (exc)
linux linux_kernel From 4.10 (inc) to 4.14.298 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.264 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.221 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.152 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.76 (exc)
linux linux_kernel From 5.16 (inc) to 6.0.6 (exc)
linux linux_kernel 6.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a possible memory leak in the Linux kernel's network driver module hns, specifically in the function hnae_ae_register(). When the device_register() function fails during module probing, the reference count of a kernel object (kobject) is not properly decreased to zero. As a result, the name allocated in dev_set_name() is not freed, causing a memory leak. The fix involves calling put_device() to ensure the name is freed during the kobject_cleanup() callback.

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel when certain network driver modules fail to register devices properly. Over time, this memory leak could cause increased memory usage, potentially degrading system performance or stability, especially on systems that frequently load and unload these modules or experience device registration failures.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50352. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart