{ "threat_severity" : "Low", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: drm/amd: fix potential memory leak", "id" : "2401537", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401537" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd: fix potential memory leak\nThis patch fix potential memory leak (clk_src) when function run\ninto last return NULL.\ns/free/kfree/ - Alex", "A memory leak was found in the Linux kernel's AMD display driver in the clock source initialization logic. When the initialization function encounters an error in its final return path, allocated memory for the clk_src structure is not freed before returning NULL. This results in leaked memory that accumulates with repeated initialization attempts, leading to resource exhaustion and denial of service." ], "statement" : "The AMD display driver allocates memory for clock source structures during hardware initialization. In one particular error path—specifically, when the function reaches its last return NULL statement—the code fails to free the previously allocated clk_src memory. While this appears to be a straightforward oversight, it can become significant during scenarios where initialization repeatedly fails, such as during hardware probing, driver reload cycles, or error recovery attempts. Each failed initialization leaves behind orphaned memory that cannot be reclaimed. The leak is specific to AMD display hardware and manifests during driver initialization rather than during normal runtime operation.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50479\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50479\nhttps://lore.kernel.org/linux-cve-announce/2025100439-CVE-2022-50479-de1c@gregkh/T" ], "name" : "CVE-2022-50479", "mitigation" : { "value" : "To mitigate this issue, prevent the amdgpu module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.", "lang" : "en:us" }, "csaw" : false }