CVE-2022-50669 - Vulnerability Details

- misc: ocxl: fix possible name leak in ocxl_file_register_afu()

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: ocxl: fix possible name leak in ocxl_file_register_afu()

If device_register() returns error in ocxl_file_register_afu(),
the name allocated by dev_set_name() need be freed. As comment
of device_register() says, it should use put_device() to give
up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup(),
and info is freed in info_release().

Published: 2025-12-09

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`75ca758adbafc81804c39b2c200ecdc819a6c042`	affected	< 0cd05062371a49774e8a45258bdedf0bd6d3d327
`75ca758adbafc81804c39b2c200ecdc819a6c042`	affected	< 7525741cb302a1672b8c3a5edb2a08e4229b5c7c
`75ca758adbafc81804c39b2c200ecdc819a6c042`	affected	< 3299983a6bf628249ac650908e62d12de959341e
`75ca758adbafc81804c39b2c200ecdc819a6c042`	affected	< 557b7de055d1e230ddb6664c29d26917b8db9143
`75ca758adbafc81804c39b2c200ecdc819a6c042`	affected	< 2fce8b3583d1641a1716486f408478b58e96ec91
`75ca758adbafc81804c39b2c200ecdc819a6c042`	affected	< a4cb1004aeed2ab893a058fad00a5b41a12c4691

Linux

affected

Version	Status	Constraints
`5.2`	affected	—
`0`	unaffected	< 5.2
`5.4.229`	unaffected	≤ 5.4.*
`5.10.163`	unaffected	≤ 5.10.*
`5.15.86`	unaffected	≤ 5.15.*
`6.0.16`	unaffected	≤ 6.0.*
`6.1.2`	unaffected	≤ 6.1.*
`6.2`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0cd05062371a49774e8a45258bdedf0bd6d3d327
https://git.kernel.org/stable/c/2fce8b3583d1641a1716486f408478b58e96ec91
https://git.kernel.org/stable/c/3299983a6bf628249ac650908e62d12de959341e
https://git.kernel.org/stable/c/557b7de055d1e230ddb6664c29d26917b8db9143
https://git.kernel.org/stable/c/7525741cb302a1672b8c3a5edb2a08e4229b5c7c
https://git.kernel.org/stable/c/a4cb1004aeed2ab893a058fad00a5b41a12c4691
https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50669-f124@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50669
https://www.cve.org/CVERecord?id=CVE-2022-50669

History

Wed, 10 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50669-f124@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50669 https://www.cve.org/CVERecord?id=CVE-2022-50669
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 09 Dec 2025 02:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and info is freed in info_release().
Title		misc: ocxl: fix possible name leak in ocxl_file_register_afu()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0cd05062371a49774e8a45258bdedf0bd6d3d327 https://git.kernel.org/stable/c/2fce8b3583d1641a1716486f408478b58e96ec91 https://git.kernel.org/stable/c/3299983a6bf628249ac650908e62d12de959341e https://git.kernel.org/stable/c/557b7de055d1e230ddb6664c29d26917b8db9143 https://git.kernel.org/stable/c/7525741cb302a1672b8c3a5edb2a08e4229b5c7c https://git.kernel.org/stable/c/a4cb1004aeed2ab893a058fad00a5b41a12c4691

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-09T01:29:20.745Z

Updated: 2026-05-11T19:23:20.227Z

Reserved: 2025-12-09T01:26:45.990Z

Link: CVE-2022-50669

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-09T16:17:18.953

Modified: 2026-04-15T00:35:42.020

Link: CVE-2022-50669

Redhat

Severity : Low

Publid Date: 2025-12-09T00:00:00Z

Links: CVE-2022-50669 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object