VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2022-50776

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: st: Fix memory leak in st_of_quadfs_setup()

If st_clk_register_quadfs_pll() fails, @lock should be freed before goto @err_exit, otherwise it will cause a memory leak issue. Fix it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's ST clock driver could occur when st_clk_register_quadfs_pll() fails, leaving the @lock variable unfreed.

Vulnerability

Incorrect Error Handling Causes Memory Leak

CVE-2022-50776 describes a memory leak in the Linux kernel's ST clock driver (clk: st), specifically in the function st_of_quadfs_setup(). The vulnerability arises because when the call to st_clk_register_quadfs_pll() fails, the code does not free the @lock variable before jumping to the @err_exit error-handling label. This oversight can lead to a memory leak over time. [1][2]
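The error path described above as a user-space C model. This is an added example, not the kernel driver's code: `xalloc`/`xfree`, `register_pll_stub`, the `name` temporary and the `int` standing in for the lock are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

static int live; /* outstanding allocations made through this model */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live++; return p; }
static void xfree(void *p) { if (p) { live--; free(p); } }

/* Stand-in for st_clk_register_quadfs_pll(): 0 on success, -1 on failure. */
static int register_pll_stub(int *lock, int fail) { (void)lock; return fail ? -1 : 0; }

/* Before the fix: the failure branch jumps to err_exit with lock still held. */
static int setup_before_fix(int fail)
{
    int ret = -1;
    char *name = xalloc(16); /* assumed temporary that err_exit releases */
    int *lock = name ? xalloc(sizeof(*lock)) : NULL;
    if (!lock)
        goto err_exit;
    if (register_pll_stub(lock, fail) < 0)
        goto err_exit; /* lock is never freed: one allocation leaks per failure */
    ret = 0; /* success: the registered clock now owns lock */
err_exit:
    xfree(name);
    return ret;
}

/* After the fix: free lock before taking the same exit. */
static int setup_after_fix(int fail)
{
    int ret = -1;
    char *name = xalloc(16);
    int *lock = name ? xalloc(sizeof(*lock)) : NULL;
    if (!lock)
        goto err_exit;
    if (register_pll_stub(lock, fail) < 0) {
        xfree(lock);
        goto err_exit;
    }
    ret = 0;
err_exit:
    xfree(name);
    return ret;
}

/* Run n failing setups and report how many allocations are still live. */
static int leaked_after(int (*setup)(int), int n)
{ live = 0; while (n-- > 0) setup(1); return live; }

int main(void) { printf("before=%d after=%d\n", leaked_after(setup_before_fix, 1000),
                        leaked_after(setup_after_fix, 1000)); return 0; }
```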

Attack Vector and Preconditions

Exploitation requires that the kernel be configured with the affected driver (CONFIG_CLK_ST) and that a failure occurs during the registration of a quadfs PLL. This can happen due to hardware errors, resource exhaustion, or possibly through deliberate triggering by an attacker who can influence clock initialization—such as by hot-plugging or manipulating device tree data. No special privileges beyond the ability to trigger clock registration are needed, though the attacker must be able to cause the allocation of @lock and then induce a failure in st_clk_register_quadfs_pll(). [1][2]

Impact

If an attacker can repeatedly cause such failures, the leak will gradually exhaust the kernel's memory, leading to system instability or a crash (denial of service). Since this is a kernel memory leak, it could potentially be combined with other vulnerabilities or used as a component in a more complex attack, but the primary risk is denial of service. [1][2]

Mitigation

The fix, which ensures @lock is freed before the error exit, has been applied to the Linux kernel stable trees. Users should update to a kernel version that includes the commit adf6a00859d0 or later. No workaround other than patching is available. [1][2][3][4]

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
