CVE-2022-50624

Vulnerability

In the Linux kernel's netsec driver, the netsec_register_mdio() function lacks proper cleanup on error paths. If phy_device_register() fails, phy_device_free() is not called, resulting in a memory leak of the PHY device and its name. Similarly, if get_phy_device() fails, mdiobus_unregister() is omitted, leading to a warning in mdiobus_free() and a kobject leak [1][2][3].

Exploitation

This issue is triggerable during driver initialization when MDIO bus registration encounters errors. An attacker with local access could potentially induce such failures by manipulating system resources or hardware state, causing repeated driver probing to exhaust kernel memory. No special privileges beyond local access are required.

Impact

A local attacker could exploit this to cause denial of service by leaking kernel memory and kobjects, potentially leading to system instability or crash.

Mitigation

Patches have been applied to the Linux kernel stable tree. The fix ensures that phy_device_free() is called after phy_device_register() failure and mdiobus_unregister() is called after get_phy_device() failure. Users should update to a patched kernel version.