CVE-2022-50758

Vulnerability

In the Linux kernel's staging vt6655 wireless driver, the function device_init_td0_ring allocates memory for the td_info member of each ring entry priv->apTD0Rings[i] as i increases from 0. If an allocation fails partway through, the cleanup loop frees previously allocated entries in reverse order, but it incorrectly omits the case i=0, leaving that entry's memory allocated and causing a memory leak [1][2][3].

Exploitation

This is a local vulnerability that can be triggered during driver initialization when memory is scarce. An attacker with local access or the ability to exhaust system memory could cause the allocation to fail, leading to the leak. No special privileges beyond the ability to load or initialize the vt6655 driver are required.

Impact

A successful trigger results in a small memory leak each time the driver is initialized under low-memory conditions. Repeated exploitation could exhaust kernel memory, potentially leading to a denial-of-service (DoS) condition on the affected system.

Mitigation

The fix, which modifies the cleanup loop to include i=0, has been applied to the Linux kernel stable tree [1][2][3]. Users should update to a kernel version containing the commit to eliminate the leak.