CVE-2022-50734

Vulnerability

Analysis

A memory leak vulnerability exists in the Linux kernel's NVMEM (Non-Volatile Memory) subsystem. In the nvmem_register() function, dev_set_name() allocates memory for the device name (nvmem->dev.kobj.name). If the subsequent call to nvmem_validate_keepouts() fails, the function frees the nvmem structure but does not free the allocated device name, leading to a memory leak [1].

Exploitation

This is a local vulnerability that can be triggered by any user or process that can cause the NVMEM registration to fail during the keepouts validation step. No special privileges are required beyond the ability to trigger NVMEM device registration (e.g., via hotplug or driver binding). The attacker does not need to be authenticated to the system in a privileged sense, but must have the ability to interact with the NVMEM subsystem [1].

ImpactAn attacker who can repeatedly trigger this error path can exhaust kernel memory, leading to a denial-of-service (DoS) condition. The leak is per-failure, so repeated attempts can accumulate and eventually cause system instability or crash [1].

MitigationThe fix has been applied in the

Linux kernel stable tree. The patch moves the nvmem_validate_keepouts() call after device_register(), so that the device core handles cleanup of the device name in error cases. Users should update to a kernel version containing the commit 9391cc3a787a [1].