CVE-2022-50777 - Vulnerability Details

- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe

Description

In the Linux kernel, the following vulnerability has been resolved:

net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe

of_phy_find_device() return device node with refcount incremented.
Call put_device() to relese it when not needed anymore.

Published: 2025-12-24

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`3f7056e1822d648f8022997497edc6cad2ad1e73`	affected	< 53526dbc8aa6b95e9fc2ab1e29b1a9145721da24
`ab4e6ee578e88a659938db8fbf33720bc048d29c`	affected	< 78b0b1ff525d9be4babf5a148a4de0d50042d95d
`ab4e6ee578e88a659938db8fbf33720bc048d29c`	affected	< 00616bd1913a4f879679e02dc08c2f501ca2bd4c
`ab4e6ee578e88a659938db8fbf33720bc048d29c`	affected	< 106d0d33c9d1ec4ddeeffc1fdc717ff09953d4ed
`ab4e6ee578e88a659938db8fbf33720bc048d29c`	affected	< 4d112f001612c79927c1ecf29522b34c4fa292e0
`ab4e6ee578e88a659938db8fbf33720bc048d29c`	affected	< 52841e71253e6ace72751c72560950474a57d04c
`ab4e6ee578e88a659938db8fbf33720bc048d29c`	affected	< ee84d37a5f08ed1121cdd16f8f3ed87552087a21
`ab4e6ee578e88a659938db8fbf33720bc048d29c`	affected	< d039535850ee47079d59527e96be18d8e0daa84b
`a5a849c9e8a6c357f84a5e249cb468f20da6d28f`	affected	—
`900812a0d318954400d20b0190c7d788b4ff2cc2`	affected	—
`4.14.74`	affected	< 4.14.303
`4.9.131`	affected	< 4.10
`4.18.12`	affected	< 4.19

Linux

affected

Version	Status	Constraints
`4.19`	affected	—
`0`	unaffected	< 4.19
`4.14.303`	unaffected	≤ 4.14.*
`4.19.270`	unaffected	≤ 4.19.*
`5.4.229`	unaffected	≤ 5.4.*
`5.10.163`	unaffected	≤ 5.10.*
`5.15.87`	unaffected	≤ 5.15.*
`6.0.19`	unaffected	≤ 6.0.*
`6.1.5`	unaffected	≤ 6.1.*
`6.2`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/00616bd1913a4f879679e02dc08c2f501ca2bd4c
https://git.kernel.org/stable/c/106d0d33c9d1ec4ddeeffc1fdc717ff09953d4ed
https://git.kernel.org/stable/c/4d112f001612c79927c1ecf29522b34c4fa292e0
https://git.kernel.org/stable/c/52841e71253e6ace72751c72560950474a57d04c
https://git.kernel.org/stable/c/53526dbc8aa6b95e9fc2ab1e29b1a9145721da24
https://git.kernel.org/stable/c/78b0b1ff525d9be4babf5a148a4de0d50042d95d
https://git.kernel.org/stable/c/d039535850ee47079d59527e96be18d8e0daa84b
https://git.kernel.org/stable/c/ee84d37a5f08ed1121cdd16f8f3ed87552087a21
https://lore.kernel.org/linux-cve-announce/2025122400-CVE-2022-50777-d1e3@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50777
https://www.cve.org/CVERecord?id=CVE-2022-50777

History

Thu, 25 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025122400-CVE-2022-50777-d1e3@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50777 https://www.cve.org/CVERecord?id=CVE-2022-50777
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe of_phy_find_device() return device node with refcount incremented. Call put_device() to relese it when not needed anymore.
Title		net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/00616bd1913a4f879679e02dc08c2f501ca2bd4c https://git.kernel.org/stable/c/106d0d33c9d1ec4ddeeffc1fdc717ff09953d4ed https://git.kernel.org/stable/c/4d112f001612c79927c1ecf29522b34c4fa292e0 https://git.kernel.org/stable/c/52841e71253e6ace72751c72560950474a57d04c https://git.kernel.org/stable/c/53526dbc8aa6b95e9fc2ab1e29b1a9145721da24 https://git.kernel.org/stable/c/78b0b1ff525d9be4babf5a148a4de0d50042d95d https://git.kernel.org/stable/c/d039535850ee47079d59527e96be18d8e0daa84b https://git.kernel.org/stable/c/ee84d37a5f08ed1121cdd16f8f3ed87552087a21

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:06:06.511Z

Updated: 2026-05-23T15:25:12.859Z

Reserved: 2025-12-24T13:02:21.547Z

Link: CVE-2022-50777

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-24T13:16:04.537

Modified: 2026-04-15T00:35:42.020

Link: CVE-2022-50777

Redhat

Severity : Important

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2022-50777 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object