CVE-2022-50713

The vulnerability resides in the visconti_register_pll() function in the clock driver for the Visconti architecture. The function allocates memory for @pll->rate_table via kmemdup() but fails to free it when clk_hw_register() returns an error. This oversight results in a memory leak each time the registration fails, depleting system memory over time. [1]

Exploitation requires local access and the ability to trigger a failure in clk_hw_register(). This could be achieved by inducing memory pressure or other error conditions during clock registration. The attacker does not need special privileges beyond normal user access if the system permits interacting with the clock subsystem.

The immediate impact is memory exhaustion, leading to denial of service (system hang or crash). While not directly exploitable for code execution, the leak could corrupt memory if reused, potentially leading to information disclosure, though that is not confirmed.

The fix was introduced in the Linux kernel stable tree via commit f0f1982ddfb4. Users are advised to apply the patch or update to a kernel version containing the fix. There is no known workaround.