CVE-2022-50734
Memory Leak in Linux Kernel nvmem_register() Function
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's nvmem subsystem. Specifically, when the function nvmem_register is called, memory is allocated for nvmem->dev.kobj.name using dev_set_name. If the nvmem_validate_keepouts function fails, the memory allocated for nvmem is freed, but the memory allocated for nvmem->dev.kobj.name is not freed, causing a memory leak. The fix involved moving the call to nvmem_validate_keepouts after device_register so that the device core can properly handle cleaning up the name memory in error cases.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel, which over time could cause increased memory usage and potentially degrade system performance or stability if the leaked memory accumulates.