PT-2025-25964 · Linux+2 · Linux Kernel+2

Published

2022-07-26

Updated

2025-11-13

CVE-2022-50038

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A issue has been identified in the Linux kernel, specifically in the meson vpu has available connectors() function. This function contains two refcount leak bugs. The first bug occurs when breaking out of for each endpoint of node(), where of node put() should be called for the ep. The second bug is related to the reference returned by of graph get remote port(), which should be released with of node put() when no longer used.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-911CWE-664

Related Identifiers

BDU:2026-02791

CVE-2022-50038

SUSE-SU-2025:02264-1

SUSE-SU-2025:02308-1

SUSE-SU-2025:02320-1

SUSE-SU-2025:02321-1

SUSE-SU-2025:02322-1

SUSE-SU-2025:02537-1

SUSE-SU-2025:2264-1

SUSE-SU-2025_02264-1

SUSE-SU-2025_02308-1

SUSE-SU-2025_02537-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-25964 · Linux+2 · Linux Kernel+2

CVE-2022-50038

Weakness Enumeration

Related Identifiers

Affected Products

References · 607