CVE-2022-50574

Vulnerability

Description

In the Linux kernel's DRM subsystem for OMAP, the functions dss_init_ports() and __dss_uninit_ports() fail to release references obtained via of_graph_get_port_by_id(). This results in a reference count leak when error conditions occur or when the references are no longer needed [1][2][3].

Exploitation and

Impact

An attacker with local access could potentially trigger the leak by repeatedly causing device tree parsing errors, leading to memory exhaustion over time. The vulnerability requires no special privileges beyond the ability to trigger driver initialization or deinitialization, such as through hot-plug events or system resume. While not directly exploitable for code execution or privilege escalation, the leak degrades system reliability and could contribute to denial-of-service conditions.

Mitigation

The issue is fixed by adding calls to of_node_put() in the appropriate error and cleanup paths. Patches have been submitted and accepted into the Linux kernel stable tree, as seen in commits referenced by [1], [2], and [3]. Users are advised to apply the latest stable kernel updates from their distribution vendor.