Linux Kernel Vulnerability in Net Security Handling by Vendor
CVE-2022-50624
What is CVE-2022-50624?
A vulnerability has been identified in the Linux kernel's network security component, where improper error handling can lead to memory leaks and other issues. Specifically, when the phy_device_register() function fails, phy_device_free() must be called so that the reference count is managed correctly and the memory associated with the PHY device and its name can be cleaned up. Additionally, when get_phy_device() fails, omitting the call to mdiobus_unregister() can result in warnings and potential kobject memory leakage. This oversight underscores the importance of robust error management practices in network driver development.
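The two error paths described above can be followed in a small user-space model. This is an added example, not the kernel's code or the upstream patch: `model_state`, `register_mdio` and `leaked_after_failure` are hypothetical names, the real helpers appear only in comments, and the bus teardown on the second path is an assumption of the model.

```c
/* Constructed user-space model of the two error paths; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

enum { LEAK_PHY_REF = 1, LEAK_BUS = 2 };

struct model_state {
    int  phy_refs;        /* references held on the PHY device object */
    bool bus_registered;  /* MDIO bus is still registered */
    bool fail_get_phy;    /* fault injection: get_phy_device() fails */
    bool fail_phy_reg;    /* fault injection: phy_device_register() fails */
};

/* Hypothetical registration routine; fixed=false omits the two cleanup calls. */
static int register_mdio(struct model_state *s, bool fixed)
{
    s->bus_registered = true;             /* bus registration succeeded */
    if (s->fail_get_phy) {                /* get_phy_device() failed */
        if (fixed)
            s->bus_registered = false;    /* models mdiobus_unregister() */
        return -1;
    }
    s->phy_refs = 1;                      /* new device object holds one reference */
    if (s->fail_phy_reg) {                /* phy_device_register() failed */
        if (fixed)
            s->phy_refs--;                /* models phy_device_free() */
        s->bus_registered = false;        /* bus teardown assumed in both variants */
        return -1;
    }
    return 0;
}

/* Bitmask of what a failed registration leaves behind (0 = clean). */
static int leaked_after_failure(bool fail_get, bool fail_reg, bool fixed)
{
    struct model_state s = { .fail_get_phy = fail_get, .fail_phy_reg = fail_reg };
    if (register_mdio(&s, fixed) == 0)
        return 0;
    return (s.phy_refs > 0 ? LEAK_PHY_REF : 0) | (s.bus_registered ? LEAK_BUS : 0);
}

int main(void)
{
    printf("get_phy_device fails:      before=%d after=%d\n",
           leaked_after_failure(true, false, false), leaked_after_failure(true, false, true));
    printf("phy_device_register fails: before=%d after=%d\n",
           leaked_after_failure(false, true, false), leaked_after_failure(false, true, true));
    return 0;
}
```

A non-zero "before" value on either path is the state that a driver's error-injection test should assert never survives a failed registration.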
Affected Version(s)
Linux 533dd11a12f698c571a12271b20f235792d3e148 < 728884b22d83148a330b23f9472f1e118b589211
Linux 533dd11a12f698c571a12271b20f235792d3e148
Linux 533dd11a12f698c571a12271b20f235792d3e148 < 62f0a08e82a6312efd7df7f595c0b11d4ffde610