{
  "threat_severity" : "Low",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Memory leak in vdpa_sim leading to denial of service",
    "id" : "2424985",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2424985"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nvdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()\nInject fault while probing module, if device_register() fails in\nvdpasim_net_init() or vdpasim_blk_init(), but the refcount of kobject is\nnot decreased to 0, the name allocated in dev_set_name() is leaked.\nFix this by calling put_device(), so that name can be freed in\ncallback function kobject_cleanup().\n(vdpa_sim_net)\nunreferenced object 0xffff88807eebc370 (size 16):\ncomm \"modprobe\", pid 3848, jiffies 4362982860 (age 18.153s)\nhex dump (first 16 bytes):\n76 64 70 61 73 69 6d 5f 6e 65 74 00 6b 6b 6b a5  vdpasim_net.kkk.\nbacktrace:\n[<ffffffff8174f19e>] __kmalloc_node_track_caller+0x4e/0x150\n[<ffffffff81731d53>] kstrdup+0x33/0x60\n[<ffffffff83a5d421>] kobject_set_name_vargs+0x41/0x110\n[<ffffffff82d87aab>] dev_set_name+0xab/0xe0\n[<ffffffff82d91a23>] device_add+0xe3/0x1a80\n[<ffffffffa0270013>] 0xffffffffa0270013\n[<ffffffff81001c27>] do_one_initcall+0x87/0x2e0\n[<ffffffff813739cb>] do_init_module+0x1ab/0x640\n[<ffffffff81379d20>] load_module+0x5d00/0x77f0\n[<ffffffff8137bc40>] __do_sys_finit_module+0x110/0x1b0\n[<ffffffff83c4d505>] do_syscall_64+0x35/0x80\n[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n(vdpa_sim_blk)\nunreferenced object 0xffff8881070c1250 (size 16):\ncomm \"modprobe\", pid 6844, jiffies 4364069319 (age 17.572s)\nhex dump (first 16 bytes):\n76 64 70 61 73 69 6d 5f 62 6c 6b 00 6b 6b 6b a5  vdpasim_blk.kkk.\nbacktrace:\n[<ffffffff8174f19e>] __kmalloc_node_track_caller+0x4e/0x150\n[<ffffffff81731d53>] kstrdup+0x33/0x60\n[<ffffffff83a5d421>] kobject_set_name_vargs+0x41/0x110\n[<ffffffff82d87aab>] dev_set_name+0xab/0xe0\n[<ffffffff82d91a23>] device_add+0xe3/0x1a80\n[<ffffffffa0220013>] 0xffffffffa0220013\n[<ffffffff81001c27>] do_one_initcall+0x87/0x2e0\n[<ffffffff813739cb>] do_init_module+0x1ab/0x640\n[<ffffffff81379d20>] load_module+0x5d00/0x77f0\n[<ffffffff8137bc40>] __do_sys_finit_module+0x110/0x1b0\n[<ffffffff83c4d505>] do_syscall_64+0x35/0x80\n[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0", "A flaw was found in the vdpa_sim component of the Linux kernel. This memory leak vulnerability occurs when a module is probed and the device_register() function fails within vdpasim_net_init() or vdpasim_blk_init(). In such a scenario, the reference count of the kobject is not properly decreased, leading to the leakage of the allocated device name. A local attacker could exploit this flaw to cause a denial of service (DoS) due to resource exhaustion." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50702\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50702\nhttps://lore.kernel.org/linux-cve-announce/2025122418-CVE-2022-50702-c339@gregkh/T" ],
  "name" : "CVE-2022-50702",
  "csaw" : false
}