CVE-2022-50672
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mailbox zynq-ipi driver during error handling when device_register() fails. Specifically, two issues arise: first, the device name allocated by dev_set_name() is leaked; second, if the device's parent is not NULL, calling device_unregister() in zynqmp_ipi_free_mboxes() leads to a kernel crash because it attempts to remove a device that was never successfully added. The fix involves calling put_device() to release the reference and free the name, and adding a check to avoid null pointer dereference during cleanup.
How can this vulnerability impact me? :
This vulnerability can lead to kernel crashes due to improper error handling and resource leaks in the Linux kernel's mailbox driver. Such crashes can cause system instability, potential denial of service, and may require system reboots or recovery actions.