Memory Leak in Linux Kernel Affecting r6040 Ethernet Device

CVE-2022-50545

What is CVE-2022-50545?

A memory leak vulnerability has been identified in the Linux kernel affecting the r6040 Ethernet device driver. This issue arises when a physical device (phy_device) is not correctly disconnected during the probe and remove processes, leading to unreferenced memory allocations. The vulnerability occurs during the registration of Ethernet devices when multiple phy_devices are in use. If one device is removed, references to the other phy_devices are not appropriately managed, causing memory that should be freed to remain allocated. This oversight can contribute to system performance degradation over time due to rising memory consumption. The issue has been rectified by implementing phy_disconnect() in the error handling path and during device removal, ensuring that resources are properly released.

References