{ "threat_severity" : "Low", "public_date" : "2025-10-22T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel: Memory leak in __class_register()", "id" : "2405724", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405724" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nclass: fix possible memory leak in __class_register()\nIf class_add_groups() returns error, the 'cp->subsys' need be\nunregister, and the 'cp' need be freed.\nWe can not call kset_unregister() here, because the 'cls' will\nbe freed in callback function class_release() and it's also\nfreed in caller's error path, it will cause double free.\nSo fix this by calling kobject_del() and kfree_const(name) to\ncleanup kobject. Besides, call kfree() to free the 'cp'.\nFault injection test can trigger this:\nunreferenced object 0xffff888102fa8190 (size 8):\ncomm \"modprobe\", pid 502, jiffies 4294906074 (age 49.296s)\nhex dump (first 8 bytes):\n70 6b 74 63 64 76 64 00 pktcdvd.\nbacktrace:\n[<00000000e7c7703d>] __kmalloc_track_caller+0x1ae/0x320\n[<000000005e4d70bc>] kstrdup+0x3a/0x70\n[<00000000c2e5e85a>] kstrdup_const+0x68/0x80\n[<000000000049a8c7>] kvasprintf_const+0x10b/0x190\n[<0000000029123163>] kobject_set_name_vargs+0x56/0x150\n[<00000000747219c9>] kobject_set_name+0xab/0xe0\n[<0000000005f1ea4e>] __class_register+0x15c/0x49a\nunreferenced object 0xffff888037274000 (size 1024):\ncomm \"modprobe\", pid 502, jiffies 4294906074 (age 49.296s)\nhex dump (first 32 bytes):\n00 40 27 37 80 88 ff ff 00 40 27 37 80 88 ff ff .@'7.....@'7....\n00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\nbacktrace:\n[<00000000151f9600>] kmem_cache_alloc_trace+0x17c/0x2f0\n[<00000000ecf3dd95>] __class_register+0x86/0x49a", "A flaw was found in the Linux kernel. This vulnerability allows a local attacker to cause a denial of service via a memory leak in the driver system's `__class_register()` function." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50578\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50578\nhttps://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50578-eb90@gregkh/T" ], "name" : "CVE-2022-50578", "csaw" : false }