CVE-2022-50343

MEDIUM

Linux Kernel < 4.9.337 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up the reference in the error path, so that the name can be freed in kobject_cleanup(), and the 'rdev' can be freed in rio_release_dev().

References (9)

[Patch] https://git.kernel.org/stable/c/3b4676f274a6b5d001176f15d0542100bbf4b59a

[Patch] https://git.kernel.org/stable/c/440afd7fd9b164fdde6fc9da8c47d3d7f20dcce8

[Patch] https://git.kernel.org/stable/c/80fad2e53eaed2b3a2ff596575f65669e13ceda5

[Patch] https://git.kernel.org/stable/c/85fbf58b15c09d3a6a03098c1e42ebfe9002f39d

[Patch] https://git.kernel.org/stable/c/88fa351b20ca300693a206ccd3c4b0e0647944d8

[Patch] https://git.kernel.org/stable/c/c413f65011ff8caffabcde0e1c3ceede48a48d6f

[Patch] https://git.kernel.org/stable/c/c482cb0deb57924335103fe592c379a076d867f8

[Patch] https://git.kernel.org/stable/c/ec3f04f74f50d0b6bac04d795c93c2b852753a7a

[Patch] https://git.kernel.org/stable/c/f9574cd48679926e2a569e1957a5a1bcc8a719ac

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (9)

linux/linux_kernel < 4.9.337

linux/Kernel < 4.9.337linux

linux/Kernel < 4.14.303linux

linux/Kernel < 4.19.270linux

linux/Kernel < 5.4.229linux

linux/Kernel < 5.10.163linux

linux/Kernel < 5.15.86linux

linux/Kernel < 6.0.16linux

linux/Kernel < 6.1.2linux

Timeline

Published Sep 16, 2025

Tracked Since Feb 18, 2026