CVE-2022-50644

Vulnerability

Overview

CVE-2022-50644 is a reference leak vulnerability in the Linux kernel's clk: ti: dra7-atl driver. The root cause is that the function of_dra7_atl_clk_probe() calls pm_runtime_get_sync() to increment the PM usage counter, but in certain error paths the corresponding pm_runtime_put_sync() is missing. This oversight means that when an error occurs during probe, the PM runtime reference count is not decrement is skipped, causing a permanent imbalance.

Exploitation and

Impact

An attacker would need to trigger an error condition in the DRA7 ATL clock probe path, which could be achieved by loading the driver on a system with the DRA7 hardware or by manipulating device tree entries. No special privileges are required beyond the ability to cause the driver to probe (e.g., via hotplug or module loading). The impact is a gradual depletion of the PM runtime reference count, which can prevent the device from entering low-power states and may eventually lead to resource exhaustion or denial of service. The vulnerability does not allow arbitrary code execution or privilege escalation.

Mitigation

The fix was applied in the Linux kernel stable tree with commits [1], [2], and [3], and [3], which add the missing pm_runtime_put_sync() calls in the error paths. Users should update to a kernel version containing these patches. No workarounds are documented; the issue is resolved by applying the kernel update.