VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2022-50658

CVE-2022-50658

Description

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: qcom: fix memory leak in error path

If for some reason the speedbin length is incorrect, then there is a memory leak in the error path because we never free the speedbin buffer. This commit fixes the error path to always free the speedbin buffer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's QCOM cpufreq driver occurs when an incorrect speedbin length triggers an error path that fails to free the speedbin buffer.

Vulnerability

The vulnerability is a memory leak in the cpufreq driver for Qualcomm (QCOM) platforms in the Linux kernel. When the driver detects an incorrect speedbin length during initialization, the error handling path does not free the allocated speedbin buffer, causing the memory to be leaked [1].

Exploitation

An attacker would need to be able to influence the speedbin length read from firmware or device tree, potentially through a malicious firmware update or by exploiting another vulnerability to corrupt the configuration data. No authentication is required beyond normal system access that can trigger driver initialization [2].

Impact

Repeated triggering of the error path can exhaust kernel memory, leading to a denial of service. The impact is limited to memory depletion; there is no immediate remote code execution or privilege escalation.

Mitigation

The issue is fixed in the Linux kernel by ensuring the speedbin buffer is freed in the error path. Patches have been applied to stable kernel branches [1][2]. Users should update their kernels to include the fix.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

4
e55feb31df3f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b5606e3ab1f7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b6ea267e0c6b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
9f42cf54403a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.