CVE-2022-50702
Description
In the Linux kernel, the following vulnerability has been resolved:
vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()
Inject fault while probing module, if device_register() fails in vdpasim_net_init() or vdpasim_blk_init(), but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup().
(vdpa_sim_net)
unreferenced object 0xffff88807eebc370 (size 16):
  comm "modprobe", pid 3848, jiffies 4362982860 (age 18.153s)
  hex dump (first 16 bytes):
    76 64 70 61 73 69 6d 5f 6e 65 74 00 6b 6b 6b a5  vdpasim_net.kkk.
  backtrace:
    [] __kmalloc_node_track_caller+0x4e/0x150
    [] kstrdup+0x33/0x60
    [] kobject_set_name_vargs+0x41/0x110
    [] dev_set_name+0xab/0xe0
    [] device_add+0xe3/0x1a80
    [] 0xffffffffa0270013
    [] do_one_initcall+0x87/0x2e0
    [] do_init_module+0x1ab/0x640
    [] load_module+0x5d00/0x77f0
    [] __do_sys_finit_module+0x110/0x1b0
    [] do_syscall_64+0x35/0x80
    [] entry_SYSCALL_64_after_hwframe+0x46/0xb0

(vdpa_sim_blk)
unreferenced object 0xffff8881070c1250 (size 16):
  comm "modprobe", pid 6844, jiffies 4364069319 (age 17.572s)
  hex dump (first 16 bytes):
    76 64 70 61 73 69 6d 5f 62 6c 6b 00 6b 6b 6b a5  vdpasim_blk.kkk.
  backtrace:
    [] __kmalloc_node_track_caller+0x4e/0x150
    [] kstrdup+0x33/0x60
    [] kobject_set_name_vargs+0x41/0x110
    [] dev_set_name+0xab/0xe0
    [] device_add+0xe3/0x1a80
    [] 0xffffffffa0220013
    [] do_one_initcall+0x87/0x2e0
    [] do_init_module+0x1ab/0x640
    [] load_module+0x5d00/0x77f0
    [] __do_sys_finit_module+0x110/0x1b0
    [] do_syscall_64+0x35/0x80
    [] entry_SYSCALL_64_after_hwframe+0x46/0xb0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in vDPA simulator drivers when device_register() fails; names allocated by dev_set_name() are not freed.
Root Cause
In the Linux kernel's vDPA simulator (vdpa_sim), the initialization functions vdpasim_net_init() and vdpasim_blk_init() create a device via device_register(). If that registration fails, the name allocated by dev_set_name() is leaked because the reference count of the underlying kobject is not properly decremented. The leaked name appears in kernel memory debug output as unreferenced objects (e.g., vdpasim_net or vdpasim_blk) [Official description].
Exploitation
This vulnerability can be triggered when a privileged user (or an attacker with module-loading capability) loads the vdpa_sim_net or vdpa_sim_blk kernel modules and a fault is injected during probe, causing device_register() to fail. The attack surface is limited to systems where these modules are explicitly loaded, and the attacker must be able to induce such a failure (e.g., via fault injection or specific hardware absence). No authentication beyond root/module-load privileges is required [Official description].
Impact
The primary impact is a memory leak of a small (16-byte) string per failed probe attempt. While not directly exploitable for code execution, repeated triggering could exhaust kernel memory, leading to denial of service. The leak is visible in the kernel's memory debug output (e.g., via kmemleak) [Official description].
Mitigation
The fix is implemented in the Linux kernel stable trees, where put_device() is called after a failed device_register() to ensure that the kobject's reference count reaches zero and the name is freed in the kobject_cleanup() callback [1][2]. Users should apply the latest stable kernel updates to resolve this issue.
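The leak and the put_device() fix can be reproduced in a small userspace C model. This is an added example, not kernel code or the upstream patch: the function names mirror the kernel API named above, while the bodies, the fail_add flag and the leaked_names() helper are simplified assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct device {
    char *name;                       /* heap copy made by dev_set_name() */
    int refcount;                     /* stands in for the kobject reference count */
};

static int dev_set_name(struct device *dev, const char *s)
{
    size_t n = strlen(s) + 1;
    dev->name = malloc(n);            /* kstrdup() in the backtraces */
    if (dev->name)
        memcpy(dev->name, s, n);
    return dev->name ? 0 : -12;       /* -ENOMEM */
}

static void put_device(struct device *dev)
{
    if (--dev->refcount == 0) {       /* model of kobject_cleanup(): runs only at zero */
        free(dev->name);
        dev->name = NULL;
    }
}

static int device_register(struct device *dev, const char *name, int fail_add)
{
    dev->refcount = 1;                /* initial reference, still held by the caller */
    int ret = dev_set_name(dev, name);
    return ret ? ret : (fail_add ? -12 : 0);  /* fail_add models the injected fault */
}

static int leaked_names(int attempts, int with_fix)
{
    int leaked = 0;                   /* name copies that nothing will ever free */
    for (int i = 0; i < attempts; i++) {
        struct device dev = { 0 };
        if (device_register(&dev, "vdpasim_net", 1) && with_fix)
            put_device(&dev);         /* the fix: drop the last reference */
        leaked += dev.name != NULL;   /* name still allocated after the failed probe */
    }
    return leaked;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", leaked_names(3, 0), leaked_names(3, 1));
}
```

Without the put_device() call, every failed probe leaves one name copy allocated, which is the per-attempt accumulation described under Impact.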
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 4
aeca7ff25484, 586e6fd7d581, 5be953e353fe, 337c24d817e2
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 4
News mentions: 0
No linked articles in our index yet.