CVE-2022-50669

high

Description

In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and info is freed in info_release().

References

https://git.kernel.org/stable/c/a4cb1004aeed2ab893a058fad00a5b41a12c4691

https://git.kernel.org/stable/c/7525741cb302a1672b8c3a5edb2a08e4229b5c7c

https://git.kernel.org/stable/c/557b7de055d1e230ddb6664c29d26917b8db9143

https://git.kernel.org/stable/c/3299983a6bf628249ac650908e62d12de959341e

https://git.kernel.org/stable/c/2fce8b3583d1641a1716486f408478b58e96ec91

https://git.kernel.org/stable/c/0cd05062371a49774e8a45258bdedf0bd6d3d327

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-09

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00024