{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50060", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.404Z", "datePublished": "2025-06-18T11:02:08.585Z", "dateUpdated": "2025-06-18T11:02:08.585Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-18T11:02:08.585Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Fix mcam entry resource leak\n\nThe teardown sequence in FLR handler returns if no NIX LF\nis attached to PF/VF because it indicates that graceful\nshutdown of resources already happened. But there is a\nchance of all allocated MCAM entries not being freed by\nPF/VF. Hence free mcam entries even in case of detached LF."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/af/rvu.c", "drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c"], "versions": [{"version": "c554f9c1574e022821260b24b043a4277e8ec5d8", "lessThan": "dc5be2d4f9285efe0d16f1bf00250df91d05d809", "status": "affected", "versionType": "git"}, {"version": "c554f9c1574e022821260b24b043a4277e8ec5d8", "lessThan": "cc32347f48111eea8d0165538c92aca92ede83f6", "status": "affected", "versionType": "git"}, {"version": "c554f9c1574e022821260b24b043a4277e8ec5d8", "lessThan": "3f8fe40ab7730cf8eb6f8b8ff412012f7f6f8f48", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/af/rvu.c", "drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.63", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.4", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.15.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/dc5be2d4f9285efe0d16f1bf00250df91d05d809"}, {"url": "https://git.kernel.org/stable/c/cc32347f48111eea8d0165538c92aca92ede83f6"}, {"url": "https://git.kernel.org/stable/c/3f8fe40ab7730cf8eb6f8b8ff412012f7f6f8f48"}], "title": "octeontx2-af: Fix mcam entry resource leak", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CB92A10-E61D-45D0-857D-313051F29951", "versionEndExcluding": "5.15.63", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E669300-DA42-4ACD-86D8-68BE5F29FB88", "versionEndExcluding": "5.19.4", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Fix mcam entry resource leak\n\nThe teardown sequence in FLR handler returns if no NIX LF\nis attached to PF/VF because it indicates that graceful\nshutdown of resources already happened. But there is a\nchance of all allocated MCAM entries not being freed by\nPF/VF. Hence free mcam entries even in case of detached LF."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-af: Se corrige la fuga de recursos de la entrada mcam. La secuencia de desmontaje del controlador FLR devuelve el mensaje si no hay ning\u00fan LF NIX conectado a PF/VF, ya que esto indica que ya se realiz\u00f3 un apagado ordenado de los recursos. Sin embargo, existe la posibilidad de que PF/VF no libere todas las entradas MCAM asignadas. Por lo tanto, las entradas mcam se liberan incluso con un LF desconectado."}], "id": "CVE-2022-50060", "lastModified": "2025-11-13T18:10:51.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-18T11:15:34.710", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f8fe40ab7730cf8eb6f8b8ff412012f7f6f8f48"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cc32347f48111eea8d0165538c92aca92ede83f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc5be2d4f9285efe0d16f1bf00250df91d05d809"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: octeontx2-af: Fix mcam entry resource leak", "id": "2373503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373503"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nocteontx2-af: Fix mcam entry resource leak\nThe teardown sequence in FLR handler returns if no NIX LF\nis attached to PF/VF because it indicates that graceful\nshutdown of resources already happened. But there is a\nchance of all allocated MCAM entries not being freed by\nPF/VF. Hence free mcam entries even in case of detached LF."], "name": "CVE-2022-50060", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50060\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50060\nhttps://lore.kernel.org/linux-cve-announce/2025061849-CVE-2022-50060-e6cf@gregkh/T"], "statement": "A resource leak was identified in the FLR (Function Level Reset) handler of the OcteonTX2 AF driver, where MCAM entries could remain allocated even after a function teardown, particularly when the NIX LF was already detached. This patch ensures that MCAM entries are explicitly freed to prevent memory exhaustion or hardware resource leakage. The issue requires high privileges (PR:H) as it occurs during device or virtual function management, and exploitation is local. The impact is limited to system availability due to leaked resources that may exhaust MCAM allocation capacity, justifying an availability impact of High (A:H).", "threat_severity": "Moderate"}