CVE-2022-50669

09.12.2025, 16:17

In the Linux kernel, the following vulnerability has been resolved:

misc: ocxl: fix possible name leak in ocxl_file_register_afu()

If device_register() returns error in ocxl_file_register_afu(),
the name allocated by dev_set_name() need be freed. As comment
of device_register() says, it should use put_device() to give
up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup(),
and info is freed in info_release().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.244-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.9-1 fixed
sid	6.17.11-1 fixed

References

https://git.kernel.org/stable/c/0cd05062371a49774e8a45258bdedf0bd6d3d327

https://git.kernel.org/stable/c/2fce8b3583d1641a1716486f408478b58e96ec91

https://git.kernel.org/stable/c/3299983a6bf628249ac650908e62d12de959341e

https://git.kernel.org/stable/c/557b7de055d1e230ddb6664c29d26917b8db9143

https://git.kernel.org/stable/c/7525741cb302a1672b8c3a5edb2a08e4229b5c7c

https://git.kernel.org/stable/c/a4cb1004aeed2ab893a058fad00a5b41a12c4691