CVE-2022-50343

16.09.2025, 17:15

In the Linux kernel, the following vulnerability has been resolved:

rapidio: fix possible name leaks when rio_add_device() fails

Patch series "rapidio: fix three possible memory leaks".

This patchset fixes three name leaks in error handling.
 - patch #1 fixes two name leaks while rio_add_device() fails.
 - patch #2 fixes a name leak while  rio_register_mport() fails.


This patch (of 2):

If rio_add_device() returns error, the name allocated by dev_set_name()
need be freed.  It should use put_device() to give up the reference in the
error path, so that the name can be freed in kobject_cleanup(), and the
'rdev' can be freed in rio_release_dev().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Vendor	Product	Version
linux	linux_kernel	2.6.30 ≤ 𝑥 < 4.9.337
linux	linux_kernel	4.10 ≤ 𝑥 < 4.14.303
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.270
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.229
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.163
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.86
linux	linux_kernel	5.16 ≤ 𝑥 < 6.0.16
linux	linux_kernel	6.1 ≤ 𝑥 < 6.1.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.41-1 fixed
forky	6.16.3-1 fixed
sid	6.16.7-1 fixed

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher beschriebene Auswirkungen zu erzielen.
Published: 2025-09-16T22:00:00+00:00

References

https://git.kernel.org/stable/c/3b4676f274a6b5d001176f15d0542100bbf4b59a

https://git.kernel.org/stable/c/440afd7fd9b164fdde6fc9da8c47d3d7f20dcce8

https://git.kernel.org/stable/c/80fad2e53eaed2b3a2ff596575f65669e13ceda5

https://git.kernel.org/stable/c/85fbf58b15c09d3a6a03098c1e42ebfe9002f39d

https://git.kernel.org/stable/c/88fa351b20ca300693a206ccd3c4b0e0647944d8

https://git.kernel.org/stable/c/c413f65011ff8caffabcde0e1c3ceede48a48d6f

https://git.kernel.org/stable/c/c482cb0deb57924335103fe592c379a076d867f8

https://git.kernel.org/stable/c/ec3f04f74f50d0b6bac04d795c93c2b852753a7a

https://git.kernel.org/stable/c/f9574cd48679926e2a569e1957a5a1bcc8a719ac