CVE-2022-50513
MEDIUMLinux Kernel < 5.4.220 - Memory Leak
Title source: ruleDescription
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly released. Besides, considering there are only two error paths and the first one can directly return, so we do not need implicitly jump to the `exit` tag to execute the error handler. So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error path to release the resource and simplified the return logic of rtw_init_cmd_priv(). As there is no proper device to test with, no runtime testing was performed.
References (6)
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
1.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-401
Status
draft
Affected Products (6)
linux/linux_kernel
< 5.4.220
linux/Kernel
< 5.4.220linux
linux/Kernel
< 5.10.150linux
linux/Kernel
< 5.15.75linux
linux/Kernel
< 5.19.17linux
linux/Kernel
< 6.0.3linux
Timeline
Published
Oct 07, 2025
Tracked Since
Feb 18, 2026