VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2022-50830

CVE-2022-50830

Description

In the Linux kernel, the following vulnerability has been resolved:

auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()

hd44780_probe() allocates a memory chunk for hd with kzalloc() and makes "lcd->drvdata->hd44780" point to it. When we call hd44780_remove(), we should release all relevant memory and resource. But "lcd->drvdata ->hd44780" is not released, which will lead to a memory leak.

We should release the "lcd->drvdata->hd44780" in hd44780_remove() to fix the memory leak bug.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's hd44780 auxdisplay driver occurs when the remove function can lead to resource exhaustion.

Vulnerability

Description

In the Linux kernel, the hd44780 driver for character LCD displays contains a memory leak in its hd44780_remove() function. During device driver allocates a memory chunk for the hd structure using kzalloc() during hd44780_probe(), and stores a pointer to it in lcd->drvdata->hd44780. However, when the driver is removed via hd44780_remove(), this allocated memory is not freed, leading to a memory leak [1].

Exploitation

This vulnerability is triggered during normal driver removal, such as when the associated hardware is unbound or the module is unloaded. No special privileges or network access are required; an attacker with local access to trigger driver removal (e.g., via hotplug or module unloading) could repeatedly cause the leak. The attack surface is limited to systems using the affected driver and where an attacker can influence device removal [1].

Impact

An attacker who can repeatedly trigger the hd44780_remove() path can exhaust kernel memory, potentially leading to denial of service (system instability or crash). The leak is per-removal event, so sustained exploitation could degrade system performance over time [1].

Mitigation

The fix is included in the Linux kernel stable tree as commit 5d407911e605702ffcc0e97a6db546592ab27dd0. Users should update to a kernel version containing this patch. No workaround is available other than avoiding driver removal on affected systems [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

4
8311961a1724
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
6cd37f8232f5
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
5d407911e605
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ddf75a86aba2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.