CVE-2022-50146

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory leak. Add a cleanup-on-error path to fix these leaks. [bhelgaas: commit log]

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2d546db5c80c45cac3ccd929550244fd58f4ff58	Patch
https://git.kernel.org/stable/c/3b453f5d06d1f1d6b20a75ea51dc7b53ae78f479	Patch
https://git.kernel.org/stable/c/8161e9626b50892eaedbd8070ecb1586ecedb109	Patch
https://git.kernel.org/stable/c/b03a8f1264ea8c363bec9ef6e37b467f27cb04ea	Patch
https://git.kernel.org/stable/c/e7599a5974d4c64eaae8009c3f2e47b9e3223e07	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-06-18 11:15

Updated : 2025-11-17 19:57

NVD link : CVE-2022-50146

Mitre link : CVE-2022-50146

CVE.ORG link : CVE-2022-50146

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2022-50146", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-06-18T11:15:44.633", "references": [{"url": "https://git.kernel.org/stable/c/2d546db5c80c45cac3ccd929550244fd58f4ff58", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3b453f5d06d1f1d6b20a75ea51dc7b53ae78f479", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8161e9626b50892eaedbd8070ecb1586ecedb109", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b03a8f1264ea8c363bec9ef6e37b467f27cb04ea", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e7599a5974d4c64eaae8009c3f2e47b9e3223e07", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors\n\nIf dw_pcie_ep_init() fails to perform any action after the EPC memory is\ninitialized and the MSI memory region is allocated, the latter parts won't\nbe undone thus causing a memory leak. Add a cleanup-on-error path to fix\nthese leaks.\n\n[bhelgaas: commit log]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: dwc: Desasignar memoria EPC en errores de dw_pcie_ep_init(). Si dw_pcie_ep_init() no realiza ninguna acci\u00f3n despu\u00e9s de inicializar la memoria EPC y asignar la regi\u00f3n de memoria MSI, estas \u00faltimas acciones no se deshar\u00e1n, lo que provocar\u00e1 una fuga de memoria. Se ha a\u00f1adido una ruta de limpieza en caso de error para corregir estas fugas. [bhelgaas: registro de confirmaciones]"}], "lastModified": "2025-11-17T19:57:54.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "598CA477-2D35-42F8-B059-9AA6676F485F", "versionEndExcluding": "5.10.137", "versionStartIncluding": "4.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51861563-7F40-460F-82CD-2D3FBDAD6618", "versionEndExcluding": "5.15.61", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B42E453-8837-49D0-A5EF-03F818A6DC11", "versionEndExcluding": "5.18.18", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1A2A5A5-4598-4D7E-BA07-4660398D6C8F", "versionEndExcluding": "5.19.2", "versionStartIncluding": "5.19"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}