CVE-2022-50624
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: netsec: fix error handling in netsec_register_mdio() If phy_device_register() fails, phy_device_free() need be called to put refcount, so memory of phy device and device name can be freed in callback function. If get_phy_device() fails, mdiobus_unregister() need be called, or it will cause warning in mdiobus_free() and kobject is leaked.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-08
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50624
EUVD
EUVD-2022-55688
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is related to error handling in the Linux kernel's network security (netsec) subsystem, specifically in the function netsec_register_mdio(). If certain functions fail during the registration process (phy_device_register() or get_phy_device()), the necessary cleanup functions (phy_device_free() or mdiobus_unregister()) are not called. This leads to resource leaks such as memory not being freed and kernel object (kobject) leaks.

Impact Analysis

The impact of this vulnerability includes potential memory leaks and kernel object leaks in the Linux kernel. This can lead to increased memory usage, possible system instability, or degraded performance over time due to unreleased resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50624. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart