CVE-2022-50139 - Vulnerability Details

- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()

We should call of_node_put() for the reference returned by
of_get_child_by_name() which has increased the refcount.

Published: 2025-06-18

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`30d2617fd7ed052c30d1c21ddd4af4703d922be8`	affected	< e6db5780c2bf6e23be7b315809ef349b4b4f2213
`30d2617fd7ed052c30d1c21ddd4af4703d922be8`	affected	< 4070f3c83cd28267f469a59751480ad39435f26a
`30d2617fd7ed052c30d1c21ddd4af4703d922be8`	affected	< 0e0a40c803643f4edc30f0660f2f3bea4d57a99a
`30d2617fd7ed052c30d1c21ddd4af4703d922be8`	affected	< 3503305225ca24c3229414c769323fb8bf39b4bf
`30d2617fd7ed052c30d1c21ddd4af4703d922be8`	affected	< 220fafb4ed04187e9c17be4152da5a7f2ffbdd8c

Linux

affected

Version	Status	Constraints
`5.8`	affected	—
`0`	unaffected	< 5.8
`5.10.137`	unaffected	≤ 5.10.*
`5.15.61`	unaffected	≤ 5.15.*
`5.18.18`	unaffected	≤ 5.18.*
`5.19.2`	unaffected	≤ 5.19.*
`6.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-55405	In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00063.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0e0a40c803643f4edc30f0660f2f3bea4d57a99a
https://git.kernel.org/stable/c/220fafb4ed04187e9c17be4152da5a7f2ffbdd8c
https://git.kernel.org/stable/c/3503305225ca24c3229414c769323fb8bf39b4bf
https://git.kernel.org/stable/c/4070f3c83cd28267f469a59751480ad39435f26a
https://git.kernel.org/stable/c/e6db5780c2bf6e23be7b315809ef349b4b4f2213
https://lore.kernel.org/linux-cve-announce/2025061817-CVE-2022-50139-658f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50139
https://www.cve.org/CVERecord?id=CVE-2022-50139

History

Tue, 18 Nov 2025 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Fri, 20 Jun 2025 02:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025061817-CVE-2022-50139-658f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50139 https://www.cve.org/CVERecord?id=CVE-2022-50139
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 18 Jun 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.
Title		usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
References		https://git.kernel.org/stable/c/0e0a40c803643f4edc30f0660f2f3bea4d57a99a https://git.kernel.org/stable/c/220fafb4ed04187e9c17be4152da5a7f2ffbdd8c https://git.kernel.org/stable/c/3503305225ca24c3229414c769323fb8bf39b4bf https://git.kernel.org/stable/c/4070f3c83cd28267f469a59751480ad39435f26a https://git.kernel.org/stable/c/e6db5780c2bf6e23be7b315809ef349b4b4f2213

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-06-18T11:03:02.318Z

Updated: 2026-05-11T19:13:34.695Z

Reserved: 2025-06-18T10:57:27.422Z

Link: CVE-2022-50139

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-06-18T11:15:43.840

Modified: 2025-11-18T02:57:43.417

Link: CVE-2022-50139

Redhat

Severity : Low

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50139 - Bugzilla

OpenCVE Enrichment

Updated: 2025-06-23T08:36:34Z

Weaknesses

NVD-CWE-Other

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object