CVE-2022-50513
MEDIUMLinux Kernel 4.12-5.4.219, 5.5-5.10.149, 5.11-5.15.74, 5.16-5.19.16, 5.20-6.0.2 - Use-After-Free in rtw_init_cmd_priv
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly released. Besides, considering there are only two error paths and the first one can directly return, so we do not need implicitly jump to the `exit` tag to execute the error handler. So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error path to release the resource and simplified the return logic of rtw_init_cmd_priv(). As there is no proper device to test with, no runtime testing was performed.
References (6)
Core 6
Core References
Scores
CVSS v3
5.5
EPSS
0.0014
EPSS Percentile
4.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (20)
linux/Kernel
4.12.0 - 5.4.220linux
linux/Kernel
5.11.0 - 5.15.75linux
linux/Kernel
5.16.0 - 5.19.17linux
linux/Kernel
5.20.0 - 6.0.3linux
linux/Kernel
5.5.0 - 5.10.150linux
Linux/Linux
< 4.12
Linux/Linux
4.12
Linux/Linux
5.10.150 - 5.10.*
Linux/Linux
5.15.75 - 5.15.*
Linux/Linux
5.19.17 - 5.19.*
... and 10 more
Published
Oct 07, 2025
Tracked Since
Feb 18, 2026