CVE-2022-50146

MEDIUM

Linux Kernel 4.16-5.19.1 - Use-After-Free in PCI Endpoint Controller

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory leak. Add a cleanup-on-error path to fix these leaks. [bhelgaas: commit log]

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/e7599a5974d4c64eaae8009c3f2e47b9e3223e07

Patch

https://git.kernel.org/stable/c/b03a8f1264ea8c363bec9ef6e37b467f27cb04ea

Patch

https://git.kernel.org/stable/c/2d546db5c80c45cac3ccd929550244fd58f4ff58

Patch

https://git.kernel.org/stable/c/3b453f5d06d1f1d6b20a75ea51dc7b53ae78f479

Patch

https://git.kernel.org/stable/c/8161e9626b50892eaedbd8070ecb1586ecedb109

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 5.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (17)

linux/Kernel 4.16.0 - 5.10.137linux

linux/Kernel 5.11.0 - 5.15.61linux

linux/Kernel 5.16.0 - 5.18.18linux

linux/Kernel 5.19.0 - 5.19.2linux

Linux/Linux < 4.16

Linux/Linux 2fd0c9d966cc11bb5f73556dd788d12f501d8755 - 2d546db5c80c45cac3ccd929550244fd58f4ff58

Linux/Linux 2fd0c9d966cc11bb5f73556dd788d12f501d8755 - 3b453f5d06d1f1d6b20a75ea51dc7b53ae78f479

Linux/Linux 2fd0c9d966cc11bb5f73556dd788d12f501d8755 - 8161e9626b50892eaedbd8070ecb1586ecedb109

Linux/Linux 2fd0c9d966cc11bb5f73556dd788d12f501d8755 - b03a8f1264ea8c363bec9ef6e37b467f27cb04ea

Linux/Linux 2fd0c9d966cc11bb5f73556dd788d12f501d8755 - e7599a5974d4c64eaae8009c3f2e47b9e3223e07

... and 7 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026