CVE-2022-50887
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /i2c/pmic@62/regulators/exten In of_get_regulator(), the node is returned from of_parse_phandle() with refcount incremented, after using it, of_node_put() need be called.
Affected versions
Linux kernel versions
3.3
and later are affected. Fixed in
4.9.337,
4.14.303,
4.19.270,
5.4.229,
5.10.163,
5.15.86,
6.0.16,
6.1.2,
6.2
and their respective stable series.
References
The following references provide additional information about CVE-2022-50887 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/0e88505ac0a6ae97746bcdbd4b042ee9f20455ae
-
PatchKernel patch commithttps://git.kernel.org/stable/c/2b93c58adddd98812ad928bbc2063038f3df1ffd
-
PatchKernel patch commithttps://git.kernel.org/stable/c/2f98469c3141f8e42ba11075a273fb795bbad57f
Frequently asked questions
-
What is CVE-2022-50887?
CVE-2022-50887 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.3 onward and has been patched in 4.9.337, 4.14.303, 4.19.270 and others. CVE-2022-50887 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2022-50887?
Yes — CVE-2022-50887 has been patched. Fixed versions include 4.9.337, 4.14.303, 4.19.270 and others. If you are running Linux kernel 3.3 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2022-50887 actively exploited?
No — CVE-2022-50887 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.