CVE-2022-50400
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 5.10.150 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.75 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 5.19.17 (exc) |
| linux | linux_kernel | From 6.0 (inc) to 6.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's greybus audio_helper code, where incorrect usage of debugfs leads to potential removal of debugfs files that the greybus audio driver did not create. This can cause memory leaks and may remove all debugfs entries from the system, which is unintended and incorrect behavior. The issue arises because the audio_helper code improperly handles debugfs files, and the fix involves removing this incorrect debugfs logic.
How can this vulnerability impact me? :
The vulnerability can cause memory leaks and potentially remove all debugfs entries from the system, which could disrupt system debugging and monitoring functions that rely on debugfs. This could lead to system instability or difficulties in diagnosing system issues.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability involves incorrect usage of debugfs in the greybus audio_helper code in the Linux kernel, which can lead to removal of all debugfs entries and memory leaks. Immediate mitigation would be to update the Linux kernel to a version where this issue is resolved by removing the incorrect debugfs logic from the audio_helper code.