PT-2025-43088 · Linux+3 · Linux Kernel+3

Published: 2022-11-09 · Updated: 2025-12-23 · CVE-2022-50578

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a potential memory leak within the class_register() function. Specifically, if class_add_groups() returns an error, the cp->subsys component needs to be unregistered, and the cp component needs to be freed. The original code could lead to a double free situation if kset_unregister() was called. The issue is addressed by calling kobject_del() and kfree_const(name) to clean up the kobject, and kfree() to free the cp component. A fault injection test can trigger this issue, as demonstrated by the presence of unreferenced objects in memory during the modprobe process.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Double Free

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2026-03913
CESA-2023_7077
CVE-2022-50578
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
SUSE-SU-2025:4111-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4320-1
SUSE-SU-2025:4515-1

Affected Products

Centos
Linux Kernel
Red Hat
Suse