{
  "threat_severity" : "Low",
  "public_date" : "2025-12-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: media: dvb-usb: fix memory leak in dvb_usb_adapter_init()",
    "id" : "2419873",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419873"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmedia: dvb-usb: fix memory leak in dvb_usb_adapter_init()\nSyzbot reports a memory leak in \"dvb_usb_adapter_init()\".\nThe leak is due to not accounting for and freeing current iteration's\nadapter->priv in case of an error. Currently if an error occurs,\nit will exit before incrementing \"num_adapters_initalized\",\nwhich is used as a reference counter to free all adap->priv\nin \"dvb_usb_adapter_exit()\". There are multiple error paths that\ncan exit from before incrementing the counter. Including the\nerror handling paths for \"dvb_usb_adapter_stream_init()\",\n\"dvb_usb_adapter_dvb_init()\" and \"dvb_usb_adapter_frontend_init()\"\nwithin \"dvb_usb_adapter_init()\".\nThis means that in case of an error in any of these functions the\ncurrent iteration is not accounted for and the current iteration's\nadap->priv is not freed.\nFix this by freeing the current iteration's adap->priv in the\n\"stream_init_err:\" label in the error path. The rest of the\n(accounted for) adap->priv objects are freed in dvb_usb_adapter_exit()\nas expected using the num_adapters_initalized variable.\nSyzbot report:\nBUG: memory leak\nunreferenced object 0xffff8881172f1a00 (size 512):\ncomm \"kworker/0:2\", pid 139, jiffies 4294994873 (age 10.960s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace:\n[<ffffffff844af012>] dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:75 [inline]\n[<ffffffff844af012>] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:184 [inline]\n[<ffffffff844af012>] dvb_usb_device_init.cold+0x4e5/0x79e drivers/media/usb/dvb-usb/dvb-usb-init.c:308\n[<ffffffff830db21d>] dib0700_probe+0x8d/0x1b0 drivers/media/usb/dvb-usb/dib0700_core.c:883\n[<ffffffff82d3fdc7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n[<ffffffff8274ab37>] call_driver_probe drivers/base/dd.c:542 [inline]\n[<ffffffff8274ab37>] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621\n[<ffffffff8274ae6c>] really_probe drivers/base/dd.c:583 [inline]\n[<ffffffff8274ae6c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752\n[<ffffffff8274af6a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:782\n[<ffffffff8274b786>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:899\n[<ffffffff82747c87>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427\n[<ffffffff8274b352>] __device_attach+0x122/0x260 drivers/base/dd.c:970\n[<ffffffff827498f6>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487\n[<ffffffff82745cdb>] device_add+0x5fb/0xdf0 drivers/base/core.c:3405\n[<ffffffff82d3d202>] usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2170\n[<ffffffff82d4dbfc>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238\n[<ffffffff82d3f49c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293\n[<ffffffff8274ab37>] call_driver_probe drivers/base/dd.c:542 [inline]\n[<ffffffff8274ab37>] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621\n[<ffffffff8274ae6c>] really_probe drivers/base/dd.c:583 [inline]\n[<ffffffff8274ae6c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50626\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50626\nhttps://lore.kernel.org/linux-cve-announce/2025120853-CVE-2022-50626-a97f@gregkh/T" ],
  "name" : "CVE-2022-50626",
  "csaw" : false
}