CVE-2022-50809
Description
In the Linux kernel, the following vulnerability has been resolved:
xhci: dbc: Fix memory leak in xhci_alloc_dbc()
If DbC is already in use, then the allocated memory for the xhci_dbc struct doesn't get freed before returning NULL, which leads to a memleak.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2022-50809 is a memory leak vulnerability in the Linux kernel's xhci_dbc driver, where allocated memory is not freed if DbC is already in use.
Vulnerability Details
The vulnerability resides in the xhci_alloc_dbc() function within the Linux kernel's xHCI driver for the Debug Capability (DbC). When the function detects that DbC is already in use, it returns NULL but fails to free the memory that was previously allocated for the xhci_dbc struct. This leads to a memory leak, as the allocated memory is never released.
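The leak described above, reduced to a userspace C model. This is an added example, not the kernel's source or the upstream patch; every name in it (`dbc_model`, `alloc_dbc_leaky`, `alloc_dbc_fixed`, the `busy` flag, the allocation counter) is a hypothetical stand-in, and the counter exists only to make the leak measurable.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: hypothetical names, not the kernel's code. */
struct dbc_model { void *regs; };
static long outstanding;            /* live allocations made via model_alloc() */

static void *model_alloc(size_t n)
{
    void *p = calloc(1, n);
    if (p) outstanding++;
    return p;
}
static void model_free(void *p) { if (p) { free(p); outstanding--; } }

/* "Before": the busy check returns NULL after the struct was allocated. */
static struct dbc_model *alloc_dbc_leaky(void *regs, bool busy)
{
    struct dbc_model *dbc = model_alloc(sizeof(*dbc));
    if (!dbc) return NULL;
    dbc->regs = regs;
    if (busy) return NULL;          /* dbc is unreachable from here on: leaked */
    return dbc;
}

/* "After": the same exit releases the struct before reporting failure. */
static struct dbc_model *alloc_dbc_fixed(void *regs, bool busy)
{
    struct dbc_model *dbc = model_alloc(sizeof(*dbc));
    if (!dbc) return NULL;
    dbc->regs = regs;
    if (busy) { model_free(dbc); return NULL; }
    return dbc;
}

/* Call fn n times on the busy path; return how many structs were left behind. */
static long leaked_after(struct dbc_model *(*fn)(void *, bool), int n)
{
    long before = outstanding;
    for (int i = 0; i < n; i++)
        if (fn(NULL, true) != NULL) return -1;   /* busy path must fail */
    return outstanding - before;
}

int main(void)
{
    printf("leaky: %ld leaked\n", leaked_after(alloc_dbc_leaky, 1000));
    printf("fixed: %ld leaked\n", leaked_after(alloc_dbc_fixed, 1000));
    return 0;
}
```

Both variants return NULL to the caller on the busy path, so the difference shows up only in allocation accounting, not in the function's return value.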
Attack Vector
This is a flaw in the kernel's memory management. The attack surface is local, requiring access to trigger the specific code path where DbC is already active. Beyond the ability to interact with the xHCI subsystem, no special privileges may be needed, as the condition can occur during normal system operations or driver initialization.
Impact
An attacker who can repeatedly trigger this code path could exhaust kernel memory, leading to a denial of service (DoS) condition. The leak is incremental with each failed allocation attempt, potentially causing system instability or crashes.
Mitigation
The fix was applied to the Linux kernel stable tree. Users should update to a kernel version that includes the patch commit d591b32e5196 or 116d6a696498 [1][2]. No workaround is available other than applying the patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 4
103b459590e1, 116d6a696498, 69e67c804d09, d591b32e5196
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 4
News mentions: 0 (no linked articles in our index yet)