CVE-2022-50561
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

iio: fix memory leak in iio_device_register_eventset()

When iio_device_register_sysfs_group() returns failed, iio_device_register_eventset() needs to free attrs array.

Otherwise, kmemleak would scan & report memory leak as below:

    unreferenced object 0xffff88810a1cc3c0 (size 32):
      comm "100-i2c-vcnl302", pid 728, jiffies 4295052307 (age 156.027s)
      backtrace:
        __kmalloc+0x46/0x1b0
        iio_device_register_eventset at drivers/iio/industrialio-event.c:541
        __iio_device_register at drivers/iio/industrialio-core.c:1959
        __devm_iio_device_register at drivers/iio/industrialio-core.c:2040

Meta Information
Published: 2025-10-22
Last Modified: 2025-10-22
Generated: 2026-05-07
AI Q&A: 2025-10-22
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE

Vendor | Product | Version / Range
linux | linux_kernel | *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's Industrial I/O (IIO) subsystem. Specifically, when the function iio_device_register_sysfs_group() fails, the function iio_device_register_eventset() does not free the allocated attrs array, causing a memory leak. This means that allocated memory is not properly released, which can be detected by the kernel's memory leak detector (kmemleak).


How can this vulnerability impact me?

The impact of this vulnerability is a memory leak in the Linux kernel, which can lead to increased memory usage over time. This could potentially degrade system performance or stability if the leak accumulates, especially on systems that frequently register IIO devices and encounter this failure condition.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kmemleak reports for memory leaks related to iio_device_register_eventset(). Specifically, look for unreferenced objects with backtraces including iio_device_register_eventset and related functions. You can enable kmemleak in the Linux kernel and check its output using commands such as:

1. Enable kmemleak (if not already enabled):
   echo scan > /sys/kernel/debug/kmemleak
2. Check kmemleak reports:
   cat /sys/kernel/debug/kmemleak
3. Trigger scans periodically:
   echo scan > /sys/kernel/debug/kmemleak

Look for entries similar to the example in the description indicating unreferenced objects related to iio_device_register_eventset.
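
A filter for the kmemleak check described above, as an added example that is not part of the original page: it splits a kmemleak report into records and keeps only those whose backtrace mentions iio_device_register_eventset. The function names and the second sample record are constructed for illustration; live use assumes a kernel built with CONFIG_DEBUG_KMEMLEAK and debugfs mounted at /sys/kernel/debug.

```shell
# Added example, not from the original page. Assumes CONFIG_DEBUG_KMEMLEAK
# and debugfs mounted at /sys/kernel/debug (needed for live use only).
KMEMLEAK=/sys/kernel/debug/kmemleak

# kmemleak_filter SYMBOL: read a kmemleak report on stdin and print only
# the records (header plus indented body) that mention SYMBOL.
kmemleak_filter() {
    awk -v sym="$1" '
        function emit() { if (rec != "" && index(rec, sym)) printf "%s", rec; rec = "" }
        /^unreferenced object / { emit() }
        { rec = rec $0 "\n" }
        END { emit() }
    '
}

# kmemleak_count SYMBOL: number of records on stdin that mention SYMBOL.
kmemleak_count() {
    kmemleak_filter "$1" | awk '/^unreferenced object /{ n++ } END { print n + 0 }'
}

# Report text for offline runs: first record is the one quoted in the CVE
# description, second is constructed and unrelated to IIO.
sample_report() {
    cat <<'EOF'
unreferenced object 0xffff88810a1cc3c0 (size 32):
  comm "100-i2c-vcnl302", pid 728, jiffies 4295052307 (age 156.027s)
  backtrace:
    __kmalloc+0x46/0x1b0
    iio_device_register_eventset at drivers/iio/industrialio-event.c:541
    __iio_device_register at drivers/iio/industrialio-core.c:1959
    __devm_iio_device_register at drivers/iio/industrialio-core.c:2040
unreferenced object 0xffff888100000000 (size 64):
  comm "constructed-example", pid 1, jiffies 4294900000 (age 10.000s)
  backtrace:
    __kmalloc+0x46/0x1b0
    example_unrelated_alloc+0x10/0x20
EOF
}

# --live (as root): trigger a scan and filter the real report.
if [ "${1:-}" = "--live" ]; then
    echo scan > "$KMEMLEAK" && kmemleak_filter iio_device_register_eventset < "$KMEMLEAK"
else
    sample_report | kmemleak_filter iio_device_register_eventset
fi
```

Run without arguments it filters the embedded sample; a non-empty result from a live run means the leak path was hit on that system.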


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Linux kernel to a version where the iio_device_register_eventset() memory leak has been fixed. This fix ensures that when iio_device_register_sysfs_group() fails, the attrs array is properly freed, preventing the memory leak. Until the update is applied, monitoring kmemleak reports can help identify if the leak is occurring.

