{ "threat_severity" : "Low", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: rtc: class: Fix potential memleak in devm_rtc_allocate_device()", "id" : "2401470", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401470" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nrtc: class: Fix potential memleak in devm_rtc_allocate_device()\ndevm_rtc_allocate_device() will alloc a rtc_device first, and then run\ndev_set_name(). If dev_set_name() failed, the rtc_device will memleak.\nMove devm_add_action_or_reset() in front of dev_set_name() to prevent\nmemleak.\nunreferenced object 0xffff888110a53000 (size 2048):\ncomm \"python3\", pid 470, jiffies 4296078308 (age 58.882s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 08 30 a5 10 81 88 ff ff .........0......\n08 30 a5 10 81 88 ff ff 00 00 00 00 00 00 00 00 .0..............\nbacktrace:\n[<000000004aac0364>] kmalloc_trace+0x21/0x110\n[<000000000ff02202>] devm_rtc_allocate_device+0xd4/0x400\n[<000000001bdf5639>] devm_rtc_device_register+0x1a/0x80\n[<00000000351bf81c>] rx4581_probe+0xdd/0x110 [rtc_rx4581]\n[<00000000f0eba0ae>] spi_probe+0xde/0x130\n[<00000000bff89ee8>] really_probe+0x175/0x3f0\n[<00000000128e8d84>] __driver_probe_device+0xe6/0x170\n[<00000000ee5bf913>] device_driver_attach+0x32/0x80\n[<00000000f3f28f92>] bind_store+0x10b/0x1a0\n[<000000009ff812d8>] drv_attr_store+0x49/0x70\n[<000000008139c323>] sysfs_kf_write+0x8d/0xb0\n[<00000000b6146e01>] kernfs_fop_write_iter+0x214/0x2d0\n[<00000000ecbe3895>] vfs_write+0x61a/0x7d0\n[<00000000aa2196ea>] ksys_write+0xc8/0x190\n[<0000000046a600f5>] do_syscall_64+0x37/0x90\n[<00000000541a336f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50477\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50477\nhttps://lore.kernel.org/linux-cve-announce/2025100438-CVE-2022-50477-1815@gregkh/T" ], "name" : "CVE-2022-50477", "csaw" : false }