Refcount Leak Vulnerability in Qcom AOSS for Linux Kernel
CVE-2022-50194

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2022-50194?

A vulnerability has been identified in the handling of reference counts within the Linux kernel's Qcom AOSS subsystem. When utilizing the for_each_available_child_of_node() function, an early exit from the loop fails to properly manage the reference count, leading to a potential refcount leak. This issue is mitigated by incorporating a necessary call to of_node_put() on the child node when exiting the loop prematurely, ensuring proper memory management and stability of the system.

Affected Version(s)

Linux 05589b30b21ac0273970b61edd50c07d2ba156af

Linux 05589b30b21ac0273970b61edd50c07d2ba156af < 97713ed9b6cc4abaa2dcc8357113c56520dc6d7f

Linux 05589b30b21ac0273970b61edd50c07d2ba156af < 053543ac1d095132fcfd1263805d6e25afbdc6a8

References

https://git.kernel.org/stable/c/bc73c72a856c26df7410ddf15...

https://git.kernel.org/stable/c/97713ed9b6cc4abaa2dcc8357...

https://git.kernel.org/stable/c/053543ac1d095132fcfd12638...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Jun 18, 2025