CVE-2022-50431
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a possible memory leak in the Linux kernel's ALSA aoa i2sbus driver. Specifically, when the function dev_set_name() allocates memory for a device name in soundbus_add_one(), if of_device_register() fails, the allocated memory is not freed properly. The fix involves calling soundbus_dev_put() to release the reference held by device_initialize(), allowing the memory to be freed correctly during kobject_cleanup(). Other resources are also freed in i2sbus_release_dev(), preventing the leak.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel when certain device registration fails. Over time, this could cause increased memory usage and potentially degrade system performance or stability, especially on systems using the affected ALSA aoa i2sbus driver.