Detections
Analytics

CVE-2022-50513

medium

Description

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly released. Besides, considering there are only two error paths and the first one can directly return, so we do not need implicitly jump to the `exit` tag to execute the error handler. So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error path to release the resource and simplified the return logic of rtw_init_cmd_priv(). As there is no proper device to test with, no runtime testing was performed.

References

https://git.kernel.org/stable/c/e6cc39db24a63f68314473621020ed8cad7be423

https://git.kernel.org/stable/c/e5d8f05edb36fc4ab15beec62cb6ab62f5a60fe2

https://git.kernel.org/stable/c/a5be64ff6d21f7805a91e6d81f53fc19cd9f0fae

https://git.kernel.org/stable/c/8db6ca84eee0ac258706f3fca54f7c021cb159ef

https://git.kernel.org/stable/c/708056fba733a73d926772ea4ce9a42d240345da

https://git.kernel.org/stable/c/39bef9c6a91bbb790d04c1347cfeae584541fb6a

Details

Source: Mitre, NVD

Published: 2025-10-07

Updated: 2025-10-08

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024