CVE-2022-50104 - Vulnerability Details

- powerpc/xive: Fix refcount leak in xive_get_max_prio

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/xive: Fix refcount leak in xive_get_max_prio

of_find_node_by_path() returns a node pointer with
refcount incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.

Published: 2025-06-18

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< 5ed9709d262bf026b2ff64979fbfe0f496287588
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< f658d5b528ce97a68efbb64ee54f6fe0909b189a
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< d99733ad47a6c990b52e136608455643bfa708f2
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< 6d1e53f7f181a11a8a343def1e0d0209905b7c64
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< ea494e8a9852abd0ba60f69b254ce0d7c38449e2
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< 2e18b869a8d574cfe9ee64df9c3d0a7ac7ed07a8
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< 79b8eae24b7ee157bda07695d802be8576983fa8
`eac1e731b59ee3b5f5e641a7765c7ed41ed26226`	affected	< 255b650cbec6849443ce2e0cdd187fd5e61c218c

Linux

affected

Version	Status	Constraints
`4.14`	affected	—
`0`	unaffected	< 4.14
`4.14.291`	unaffected	≤ 4.14.*
`4.19.256`	unaffected	≤ 4.19.*
`5.4.211`	unaffected	≤ 5.4.*
`5.10.137`	unaffected	≤ 5.10.*
`5.15.61`	unaffected	≤ 5.15.*
`5.18.18`	unaffected	≤ 5.18.*
`5.19.2`	unaffected	≤ 5.19.*
`6.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-55370	In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00063.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/255b650cbec6849443ce2e0cdd187fd5e61c218c
https://git.kernel.org/stable/c/2e18b869a8d574cfe9ee64df9c3d0a7ac7ed07a8
https://git.kernel.org/stable/c/5ed9709d262bf026b2ff64979fbfe0f496287588
https://git.kernel.org/stable/c/6d1e53f7f181a11a8a343def1e0d0209905b7c64
https://git.kernel.org/stable/c/79b8eae24b7ee157bda07695d802be8576983fa8
https://git.kernel.org/stable/c/d99733ad47a6c990b52e136608455643bfa708f2
https://git.kernel.org/stable/c/ea494e8a9852abd0ba60f69b254ce0d7c38449e2
https://git.kernel.org/stable/c/f658d5b528ce97a68efbb64ee54f6fe0909b189a
https://lore.kernel.org/linux-cve-announce/2025061805-CVE-2022-50104-38ee@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50104
https://www.cve.org/CVERecord?id=CVE-2022-50104

History

Wed, 19 Nov 2025 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Fri, 20 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025061805-CVE-2022-50104-38ee@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50104 https://www.cve.org/CVERecord?id=CVE-2022-50104
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 18 Jun 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.
Title		powerpc/xive: Fix refcount leak in xive_get_max_prio
References		https://git.kernel.org/stable/c/255b650cbec6849443ce2e0cdd187fd5e61c218c https://git.kernel.org/stable/c/2e18b869a8d574cfe9ee64df9c3d0a7ac7ed07a8 https://git.kernel.org/stable/c/5ed9709d262bf026b2ff64979fbfe0f496287588 https://git.kernel.org/stable/c/6d1e53f7f181a11a8a343def1e0d0209905b7c64 https://git.kernel.org/stable/c/79b8eae24b7ee157bda07695d802be8576983fa8 https://git.kernel.org/stable/c/d99733ad47a6c990b52e136608455643bfa708f2 https://git.kernel.org/stable/c/ea494e8a9852abd0ba60f69b254ce0d7c38449e2 https://git.kernel.org/stable/c/f658d5b528ce97a68efbb64ee54f6fe0909b189a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-06-18T11:02:39.443Z

Updated: 2026-05-11T19:12:54.714Z

Reserved: 2025-06-18T10:57:27.413Z

Link: CVE-2022-50104

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-06-18T11:15:39.787

Modified: 2025-11-19T13:29:37.130

Link: CVE-2022-50104

Redhat

Severity : Low

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50104 - Bugzilla

OpenCVE Enrichment

Updated: 2025-06-23T08:36:33Z

Weaknesses

NVD-CWE-Other

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object