CVE-2022-50457

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc3+ #54

Description The Linux kernel contains a flaw in the del mtd device() function related to reference counting. Specifically, the function calls of node put() on a potentially cleared device node pointer, leading to a reference count leak. This occurs because memset(&mtd->dev, 0) is called before of node put(), which can result in of node put(NULL) having no effect. The issue is fixed by caching the pointer of the device node. The error manifests as an unbalanced of node get()/of node put() resulting in a memory leak.

Recommendations Update to a version newer than 6.1.0-rc3+ #54 to address this issue.