CVE-2022-50561

22.10.2025, 14:15

In the Linux kernel, the following vulnerability has been resolved:

iio: fix memory leak in iio_device_register_eventset()

When iio_device_register_sysfs_group() returns failed,
iio_device_register_eventset() needs to free attrs array.

Otherwise, kmemleak would scan & report memory leak as below:

unreferenced object 0xffff88810a1cc3c0 (size 32):
  comm "100-i2c-vcnl302", pid 728, jiffies 4295052307 (age 156.027s)
  backtrace:
    __kmalloc+0x46/0x1b0
    iio_device_register_eventset at drivers/iio/industrialio-event.c:541
    __iio_device_register at drivers/iio/industrialio-core.c:1959
    __devm_iio_device_register at drivers/iio/industrialio-core.c:2040

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.244-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.9-1 fixed
sid	6.16.12-2 fixed

References

https://git.kernel.org/stable/c/5de3add7509c95685f1185683b817dd206c4b1f1

https://git.kernel.org/stable/c/86fdd15e10e404e70ecb2a3bff24d70356d42b36

https://git.kernel.org/stable/c/a154b1c139fbf6a49762159be81d425d41ceec87

https://git.kernel.org/stable/c/dc6afd6070f3a5b086c8c5cfa6ded63ae44494da