CVE-2022-50032 - Vulnerability Details

- usb: renesas: Fix refcount leak bug

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: renesas: Fix refcount leak bug

In usbhs_rza1_hardware_init(), of_find_node_by_name() will return
a node pointer with refcount incremented. We should use of_node_put()
when it is not used anymore.

Published: 2025-06-18

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`aec2927b5944df70bca4bdeea6c4e7c3195dc37a`	affected	< 36b18b777dece704b7c2e9e7947ca41a9b0fb009
`aec2927b5944df70bca4bdeea6c4e7c3195dc37a`	affected	< cfa8f707a58d68b2341a9dd0b33cf048f0628b4d
`aec2927b5944df70bca4bdeea6c4e7c3195dc37a`	affected	< 9790a5a4f07f38a5add85ec58c44797d3a7c3677
`aec2927b5944df70bca4bdeea6c4e7c3195dc37a`	affected	< fbdbd61a36d887e00114321c6758e359e9573a8e
`aec2927b5944df70bca4bdeea6c4e7c3195dc37a`	affected	< 5c4b699193eba51f1bbf462d758d66f545fddd35
`aec2927b5944df70bca4bdeea6c4e7c3195dc37a`	affected	< 9d6d5303c39b8bc182475b22f45504106a07f086

Linux

affected

Version	Status	Constraints
`4.16`	affected	—
`0`	unaffected	< 4.16
`4.19.256`	unaffected	≤ 4.19.*
`5.4.211`	unaffected	≤ 5.4.*
`5.10.138`	unaffected	≤ 5.10.*
`5.15.63`	unaffected	≤ 5.15.*
`5.19.4`	unaffected	≤ 5.19.*
`6.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-55304	In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00051.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/36b18b777dece704b7c2e9e7947ca41a9b0fb009
https://git.kernel.org/stable/c/5c4b699193eba51f1bbf462d758d66f545fddd35
https://git.kernel.org/stable/c/9790a5a4f07f38a5add85ec58c44797d3a7c3677
https://git.kernel.org/stable/c/9d6d5303c39b8bc182475b22f45504106a07f086
https://git.kernel.org/stable/c/cfa8f707a58d68b2341a9dd0b33cf048f0628b4d
https://git.kernel.org/stable/c/fbdbd61a36d887e00114321c6758e359e9573a8e
https://lore.kernel.org/linux-cve-announce/2025061839-CVE-2022-50032-9d7e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50032
https://www.cve.org/CVERecord?id=CVE-2022-50032

History

Thu, 13 Nov 2025 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Fri, 20 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025061839-CVE-2022-50032-9d7e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50032 https://www.cve.org/CVERecord?id=CVE-2022-50032
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 18 Jun 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore.
Title		usb: renesas: Fix refcount leak bug
References		https://git.kernel.org/stable/c/36b18b777dece704b7c2e9e7947ca41a9b0fb009 https://git.kernel.org/stable/c/5c4b699193eba51f1bbf462d758d66f545fddd35 https://git.kernel.org/stable/c/9790a5a4f07f38a5add85ec58c44797d3a7c3677 https://git.kernel.org/stable/c/9d6d5303c39b8bc182475b22f45504106a07f086 https://git.kernel.org/stable/c/cfa8f707a58d68b2341a9dd0b33cf048f0628b4d https://git.kernel.org/stable/c/fbdbd61a36d887e00114321c6758e359e9573a8e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-06-18T11:01:34.767Z

Updated: 2026-05-11T19:11:26.820Z

Reserved: 2025-06-18T10:57:27.395Z

Link: CVE-2022-50032

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-06-18T11:15:31.557

Modified: 2026-06-17T05:22:36.093

Link: CVE-2022-50032

Redhat

Severity : Low

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50032 - Bugzilla

OpenCVE Enrichment

Updated: 2025-06-23T08:53:47Z

Weaknesses

NVD-CWE-Other

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object