5.5

CVE-2022-50400

EPSS 0.02%
Veröffentlicht 18.09.2025 13:58:41
Zuletzt bearbeitet 12.12.2025 20:38:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

staging: greybus: audio_helper: remove unused and wrong debugfs usage

In the greybus audio_helper code, the debugfs file for the dapm has the
potential to be removed and memory will be leaked.  There is also the
very real potential for this code to remove ALL debugfs entries from the
system, and it seems like this is what will really happen if this code
ever runs.  This all is very wrong as the greybus audio driver did not
create this debugfs file, the sound core did and controls the lifespan
of it.

So remove all of the debugfs logic from the audio_helper code as there's
no way it could be correct.  If this really is needed, it can come back
with a fixup for the incorrect usage of the debugfs_lookup() call which
is what caused this to be noticed at all.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.10.150

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.75

Linux ≫ Linux Kernel Version >= 5.16 < 5.19.17

Linux ≫ Linux Kernel Version >= 6.0 < 6.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/d0febad83e29d85bb66e4f5cac0115b022403338

Patch

https://git.kernel.org/stable/c/4dab0d27a4211a27135a6899d6c737e6e0759a11

Patch

https://git.kernel.org/stable/c/5699afbff1fa2972722e863906c0320d55dd4d58

Patch

https://git.kernel.org/stable/c/d835fa49d9589a780ff0d001bb7e6323238a4afb

Patch

https://git.kernel.org/stable/c/d517cdeb904ddc0cbebcc959d43596426cac40b0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50400

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50400

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50400

EUVD