VYPR
Unrated severity · NVD Advisory · Published Oct 22, 2025 · Updated Apr 15, 2026

CVE-2022-50572


Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()

The of_get_next_child() returns a node with refcount incremented, and decrements the refcount of prev. So in the error path of the while loop, of_node_put() needs to be called for cpu_ep.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, ASoC audio-graph-card has a refcount leak of cpu_ep in __graph_for_each_link(), leading to a memory leak.

Vulnerability

A refcount leak vulnerability exists in the Linux kernel's ASoC audio-graph-card driver. In the function __graph_for_each_link(), the of_get_next_child() call returns a device node with its reference count incremented. However, in the error path of the while loop, of_node_put() is not called for cpu_ep, causing the reference count to remain elevated and the node to never be freed [1][2][3].
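The reference-counting pattern described above, as a userspace C model added here for illustration; it is not the kernel's code or the upstream patch. `struct node`, `get_next_child()`, `handle_link()`, `for_each_link()` and `leaked_refs()` are hypothetical stand-ins, and the three-endpoint tree is constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of a device-tree node: only the refcount matters here. */
struct node { int refcount; struct node *child, *sibling; };

static void node_put(struct node *n) { if (n) n->refcount--; }

/* Models the of_get_next_child() contract: the returned child has its
 * refcount incremented and the reference held on prev is dropped. */
static struct node *get_next_child(struct node *parent, struct node *prev)
{
    struct node *next = prev ? prev->sibling : parent->child;
    if (next)
        next->refcount++;
    node_put(prev);
    return next;
}

/* Hypothetical per-link handler: fails on the endpoint marked bad. */
static int handle_link(struct node *ep, struct node *bad) { return ep == bad ? -1 : 0; }

/* Walks the endpoints; put_on_error selects the leaky or the fixed error path. */
static int for_each_link(struct node *port, struct node *bad, int put_on_error)
{
    struct node *cpu_ep = NULL;

    while ((cpu_ep = get_next_child(port, cpu_ep)) != NULL) {
        if (handle_link(cpu_ep, bad) < 0) {
            if (put_on_error)
                node_put(cpu_ep); /* fixed path: drop the reference before returning */
            return -1;            /* leaky path: cpu_ep keeps one extra reference */
        }
    }
    return 0; /* normal exit: the last call already dropped the final child */
}

/* Constructed tree port -> ep0, ep1, ep2 with a failure on ep1. Runs the walk
 * `probes` times and returns how many references were never dropped. */
int leaked_refs(int put_on_error, int probes)
{
    struct node ep2 = {1, NULL, NULL}, ep1 = {1, NULL, &ep2}, ep0 = {1, NULL, &ep1};
    struct node port = {1, &ep0, NULL};

    for (int i = 0; i < probes; i++)
        for_each_link(&port, &ep1, put_on_error);
    return (ep0.refcount - 1) + (ep1.refcount - 1) + (ep2.refcount - 1);
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_refs(0, 3), leaked_refs(1, 3));
    return 0;
}
```

Each failed walk in the leaky variant leaves one reference on the failing endpoint, so the count grows with every repetition; with the put in the error path it stays at zero.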

Exploitation

This vulnerability can be triggered by a local attacker with the ability to load or manipulate Device Tree overlays that cause the error path to be taken in __graph_for_each_link(). No special privileges are required beyond the ability to trigger the driver's probing with a malformed or missing graph link [1][3].

Impact

An attacker can cause a memory leak in the kernel by repeatedly triggering the refcount leak, potentially exhausting kernel memory and leading to a denial of service (system crash or hang). The leak is small per occurrence but can accumulate over time [1][2].

Mitigation

The vulnerability is fixed by applying the upstream kernel patches referenced in [1], [2], and [3]. Users should update their kernel to a version that includes these commits. No workaround is known.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
