CVE-2022-50825
BaseFortify
Publication date: 2025-12-30
Last updated on: 2025-12-31
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference count leak in the Linux kernel's USB Type-C driver for the wusb3801 device. Specifically, if the function wusb3801_hw_init() fails, the code does not properly call fwnode_handle_put(), leading to an unbalanced reference count and a memory leak related to device tree node handling.
How can this vulnerability impact me? :
The impact of this vulnerability is a memory leak in the kernel due to unbalanced reference counting. Over time, this could lead to increased memory usage and potentially degrade system stability or cause resource exhaustion.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring kernel logs for messages indicating a reference count leak related to the wusb3801 driver. Specifically, look for errors such as: 'OF: ERROR: memory leak, expected refcount 1 instead of 4, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /i2c/tcpc@60/connector'. You can use the command 'dmesg | grep -i wusb3801' or 'journalctl -k | grep -i wusb3801' to check for such messages.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the wusb3801 driver has been fixed to properly call fwnode_handle_put() when wusb3801_hw_init() fails, preventing the reference count leak. If updating is not immediately possible, monitor for the error messages and avoid using affected hardware or drivers until patched.