CVE-2022-50672

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s mailbox component, specifically within the zynq-ipi module. When device register() fails, a memory leak occurs due to unreleased allocated memory from dev set name(). Additionally, attempting to unregister a device that was not fully added can lead to a kernel crash. The issue arises because the parent of the device is not null, and device unregister() is called within zynqmp ipi free mboxes(), resulting in a null pointer dereference. The fix involves calling put device() to free the allocated name and adding a check to zynqmp ipi free mboxes() to prevent the unregistration of a device that was not successfully registered.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.