CVE-2022-50669 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and info is freed in info_release().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0cd05062371a49774e8a45258bdedf0bd6d3d327
https://git.kernel.org/stable/c/2fce8b3583d1641a1716486f408478b58e96ec91
https://git.kernel.org/stable/c/3299983a6bf628249ac650908e62d12de959341e
https://git.kernel.org/stable/c/557b7de055d1e230ddb6664c29d26917b8db9143
https://git.kernel.org/stable/c/7525741cb302a1672b8c3a5edb2a08e4229b5c7c
https://git.kernel.org/stable/c/a4cb1004aeed2ab893a058fad00a5b41a12c4691
https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50669-f124@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50669
https://www.cve.org/CVERecord?id=CVE-2022-50669

History

Wed, 10 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50669-f124@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50669 https://www.cve.org/CVERecord?id=CVE-2022-50669
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 09 Dec 2025 02:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and info is freed in info_release().
Title		misc: ocxl: fix possible name leak in ocxl_file_register_afu()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0cd05062371a49774e8a45258bdedf0bd6d3d327 https://git.kernel.org/stable/c/2fce8b3583d1641a1716486f408478b58e96ec91 https://git.kernel.org/stable/c/3299983a6bf628249ac650908e62d12de959341e https://git.kernel.org/stable/c/557b7de055d1e230ddb6664c29d26917b8db9143 https://git.kernel.org/stable/c/7525741cb302a1672b8c3a5edb2a08e4229b5c7c https://git.kernel.org/stable/c/a4cb1004aeed2ab893a058fad00a5b41a12c4691

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-09T01:29:20.745Z

Updated: 2025-12-09T01:29:20.745Z

Reserved: 2025-12-09T01:26:45.990Z

Link: CVE-2022-50669

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-09T16:17:18.953

Modified: 2025-12-09T18:37:13.640

Link: CVE-2022-50669

Redhat

Severity : Low

Publid Date: 2025-12-09T00:00:00Z

Links: CVE-2022-50669 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object