CVE-2022-50823

Vulnerability

Overview

CVE-2022-50823 describes a reference count leak in the Linux kernel's tegra114_clock_init function. The function calls of_find_matching_node() which returns a device node pointer with its reference count incremented. After using the node, the code fails to call of_node_put() to decrement the decrement the reference count, causing a leak [1][1].

Exploitation and

Impact

This is a memory leak vulnerability that can be triggered during system initialization when the Tegra114 clock driver is loaded. An attacker with local access could repeatedly trigger the initialization path to exhaust kernel memory, leading to a denial-of-service condition. No special privileges beyond local access are required, as the leak occurs during normal boot or module loading][2].

Mitigation

The fix adds the missing of_node_put() call to properly release the node reference. The patch has been applied to the stable kernel tree and is available in commits such as e7a57fb92af5 and others][3][4]. Users should update to a kernel version containing the fix to prevent the memory leak.