VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 22, 2025· Updated Apr 15, 2026

CVE-2022-50561

CVE-2022-50561

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: fix memory leak in iio_device_register_eventset()

When iio_device_register_sysfs_group() returns failed, iio_device_register_eventset() needs to free attrs array.

Otherwise, kmemleak would scan & report memory leak as below:

unreferenced object 0xffff88810a1cc3c0 (size 32): comm "100-i2c-vcnl302", pid 728, jiffies 4295052307 (age 156.027s) backtrace: __kmalloc+0x46/0x1b0 iio_device_register_eventset at drivers/iio/industrialio-event.c:541 __iio_device_register at drivers/iio/industrialio-core.c:1959 __devm_iio_device_register at drivers/iio/industrialio-core.c:2040

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in Linux kernel's IIO subsystem (iio_device_register_eventset) when iio_device_register_sysfs_group fails, potentially exhausting memory.

In the Linux kernel, a memory leak vulnerability exists in the Industrial I/O (IIO) subsystem's event registration function iio_device_register_eventset(). When iio_device_register_sysfs_group() fails, the allocated attrs array is not freed, leading to a memory leak that can be detected by kmemleak [1][2].

Exploitation requires triggering a failure in the sysfs group registration during IIO device initialization. This can occur under specific conditions where the device probing encounters an error, possibly due to resource constraints or misconfiguration. No special privileges are needed beyond the ability to probe the IIO device [1].

The impact is a persistent memory leak that can exhaust system memory over time, leading to denial of service. The kernel kmemleak utility reports unreferenced objects of size 32 bytes from this code path [1].

Patches have been applied to stable kernel branches as referenced [1][2]. Users should update their kernels to include these fixes. No workaround is documented.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

4
dc6afd6070f3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
5de3add7509c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a154b1c139fb
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
86fdd15e10e4
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.