CVE-2022-50559

Vulnerability

In the Linux kernel's i.MX System Controller Unit (SCU) clock driver, a memory leak vulnerability exists when the platform_device_add() function fails. The driver does not perform any error handling or cleanup after a failure of platform_device_add(), leading to unreleased memory resources [1].

Exploitation

This vulnerability is triggered during the driver initialization process when adding a platform device. An attacker would need to cause the platform_device_add() call to fail, which could occur due to resource constraints or other system conditions. No special privileges or user interaction are required beyond the ability to trigger the device addition failure [1].

Impact

If exploited, the memory leak can gradually deplete system memory, potentially leading to denial of service (DoS) conditions. The vulnerability does not allow for code execution or privilege escalation, but it can degrade system stability and availability over time [1].

Mitigation

The fix adds proper error handling before returning from the function when platform_device_add() fails, ensuring that allocated resources are freed. The patch has been applied to the stable kernel tree and is available in the referenced commit [1]. Users should update their kernel to include this fix.