What is CVE-2022-50626?

CVE-2022-50626 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.19 onward and patched in 4.9.337, 4.14.303, 4.19.270 and others. CVE-2022-50626 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50626?

CVE-2022-50626 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50626?

Yes, CVE-2022-50626 has been patched. Fixed versions include 4.9.337, 4.14.303, 4.19.270 and others. If you are running Linux kernel 2.6.19 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50626 actively exploited?

CVE-2022-50626 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50626

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Syzbot reports a memory leak in "dvb_usb_adapter_init()". The leak is due to not accounting for and freeing current iteration's adapter->priv in case of an error. Currently if an error occurs, it will exit before incrementing "num_adapters_initalized", which is used as a reference counter to free all adap->priv in "dvb_usb_adapter_exit()". There are multiple error paths that can exit from before incrementing the counter. Including the error handling paths for "dvb_usb_adapter_stream_init()", "dvb_usb_adapter_dvb_init()" and "dvb_usb_adapter_frontend_init()" within "dvb_usb_adapter_init()". This means that in case of an error in any of these functions the current iteration is not accounted for and the current iteration's adap->priv is not freed. Fix this by freeing the current iteration's adap->priv in the "stream_init_err:" label in the error path. The rest of the (accounted for) adap->priv objects are freed in dvb_usb_adapter_exit() as expected using the num_adapters_initalized variable. Syzbot report: BUG: memory leak unreferenced object 0xffff8881172f1a00 (size 512): comm "kworker/0:2", pid 139, jiffies 4294994873 (age 10.960s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff844af012>] dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:75 [inline] [<ffffffff844af012>] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:184 [inline] [<ffffffff844af012>] dvb_usb_device_init.cold+0x4e5/0x79e drivers/media/usb/dvb-usb/dvb-usb-init.c:308 [<ffffffff830db21d>] dib0700_probe+0x8d/0x1b0 drivers/media/usb/dvb-usb/dib0700_core.c:883 [<ffffffff82d3fdc7>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<ffffffff8274ab37>] call_driver_probe drivers/base/dd.c:542 [inline] [<ffffffff8274ab37>] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621 [<ffffffff8274ae6c>] really_probe drivers/base/dd.c:583 [inline] [<ffffffff8274ae6c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752 [<ffffffff8274af6a>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:782 [<ffffffff8274b786>] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:899 [<ffffffff82747c87>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427 [<ffffffff8274b352>] __device_attach+0x122/0x260 drivers/base/dd.c:970 [<ffffffff827498f6>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487 [<ffffffff82745cdb>] device_add+0x5fb/0xdf0 drivers/base/core.c:3405 [<ffffffff82d3d202>] usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2170 [<ffffffff82d4dbfc>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<ffffffff82d3f49c>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<ffffffff8274ab37>] call_driver_probe drivers/base/dd.c:542 [inline] [<ffffffff8274ab37>] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621 [<ffffffff8274ae6c>] really_probe drivers/base/dd.c:583 [inline] [<ffffffff8274ae6c>] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752

Package Linux Kernel

Published 2025-12-08

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.19 and later are affected. Fixed in 4.9.337, 4.14.303, 4.19.270, 5.4.229, 5.10.163, 5.15.86, 6.0.16, 6.1.2, 6.2 and their respective stable series.

Affected from

≥ 2.6.19

Fixed in

✓ 4.9.337 4.9.x ✓ 4.14.303 4.14.x ✓ 4.19.270 4.19.x ✓ 5.4.229 5.4.x ✓ 5.10.163 5.10.x ✓ 5.15.86 5.15.x ✓ 6.0.16 6.0.x ✓ 6.1.2 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50626 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/17217737c174883dd975885ab4bee4b00f517239
Patch
Kernel patch commit
https://git.kernel.org/stable/c/21b6b0c9f3796e6917e90db403dae9e74025fc40
Patch
Kernel patch commit
https://git.kernel.org/stable/c/733bc9e226da2a7f43b10031b8ebfc26d89ec4bd
Patch

9 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50626?

CVE-2022-50626 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.19 onward and has been patched in 4.9.337, 4.14.303, 4.19.270 and others. CVE-2022-50626 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50626?

Yes — CVE-2022-50626 has been patched. Fixed versions include 4.9.337, 4.14.303, 4.19.270 and others. If you are running Linux kernel 2.6.19 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50626 actively exploited?

No — CVE-2022-50626 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.