CVE-2022-50854
Description
In the Linux kernel, the following vulnerability has been resolved:
nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
skb should be freed in virtual_nci_send(), otherwise kmemleak will report memleak.
Steps for reproduction (simulated in qemu):
  cd tools/testing/selftests/nci
  make
  ./nci_dev

BUG: memory leak
unreferenced object 0xffff888107588000 (size 208):
  comm "nci_dev", pid 206, jiffies 4294945376 (age 368.248s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000008d94c8fd>] __alloc_skb+0x1da/0x290
    [<00000000278bc7f8>] nci_send_cmd+0xa3/0x350
    [<0000000081256a22>] nci_reset_req+0x6b/0xa0
    [<000000009e721112>] __nci_request+0x90/0x250
    [<000000005d556e59>] nci_dev_up+0x217/0x5b0
    [<00000000e618ce62>] nfc_dev_up+0x114/0x220
    [<00000000981e226b>] nfc_genl_dev_up+0x94/0xe0
    [<000000009bb03517>] genl_family_rcv_msg_doit.isra.14+0x228/0x2d0
    [<00000000b7f8c101>] genl_rcv_msg+0x35c/0x640
    [<00000000c94075ff>] netlink_rcv_skb+0x11e/0x350
    [<00000000440cfb1e>] genl_rcv+0x24/0x40
    [<0000000062593b40>] netlink_unicast+0x43f/0x640
    [<000000001d0b13cc>] netlink_sendmsg+0x73a/0xbf0
    [<000000003272487f>] __sys_sendto+0x324/0x370
    [<00000000ef9f1747>] __x64_sys_sendto+0xdd/0x1b0
    [<000000001e437841>] do_syscall_64+0x3f/0x90
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in Linux kernel's virtual_nci_send() can lead to resource exhaustion; patch available.
Vulnerability
CVE-2022-50854 describes a memory leak in the Linux kernel's NFC virtual device driver (virtual_ncidev). The function virtual_nci_send() allocates an skb (socket buffer) but fails to free it before returning, causing the allocated memory to remain unreferenced. This was discovered through the nci_dev selftest, which triggers the leak via nci_send_cmd() and nci_reset_req() [1].
Exploitation
The vulnerability can be reproduced locally by running the nci_dev test from tools/testing/selftests/nci. No special privileges beyond access to the virtual NFC device are required; the test simulates NFC device operations that call virtual_nci_send(). An attacker with local user access could repeatedly trigger the leak to exhaust system memory.
Impact
A local attacker can cause a denial-of-service (DoS) condition by exhausting kernel memory through repeated allocation of skb structures that are never freed. The leak is visible via kmemleak and can lead to system instability or crash.
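The ownership rule from the description (the buffer handed to the send callback must be freed there), as an added user-space C model; it is not the kernel driver's code or the upstream patch. struct buf, the 64-slot pool, the single pending slot and every function name are assumptions of this example, and the fixed-size pool stands in for kernel memory so that exhaustion becomes observable.

```c
#include <stdio.h>
#include <string.h>

/* User-space model, not driver code: struct buf stands in for an skb and a
 * fixed pool for kernel memory. Every name below is hypothetical. */
#define POOL_SIZE 64
struct buf { int in_use; size_t len; unsigned char data[16]; };
static struct buf pool[POOL_SIZE];
static struct buf *pending;   /* one-frame slot held by the modelled device */
static struct buf *buf_alloc(const void *src, size_t len) {
    struct buf *b = pool;
    while (b < pool + POOL_SIZE && b->in_use) b++;
    if (b == pool + POOL_SIZE || len > sizeof(b->data)) return NULL; /* exhausted */
    b->in_use = 1;
    b->len = len;
    memcpy(b->data, src, len);
    return b;
}
static void buf_free(struct buf *b) { if (b) b->in_use = 0; }
/* Leaky callback: copies the frame for the device and forgets the original. */
static int send_leaky(struct buf *b) {
    if (pending) return -1;            /* b dropped without a free */
    pending = buf_alloc(b->data, b->len);
    return pending ? 0 : -1;           /* b dropped without a free */
}
/* Fixed callback: same logic, but it owns b and releases it on every path. */
static int send_fixed(struct buf *b) {
    int ret = send_leaky(b);
    buf_free(b);
    return ret;
}
/* Caller hands each frame over; returns how many of n could be allocated. */
static int run_sends(int (*send)(struct buf *), int n) {
    static const unsigned char frame[4] = {1, 2, 3, 4};  /* constructed input */
    int ok = 0;
    memset(pool, 0, sizeof(pool));     /* fresh pool for each run */
    pending = NULL;
    for (; ok < n; ok++) {
        struct buf *b = buf_alloc(frame, sizeof(frame));
        if (!b) break;                 /* nothing left to allocate */
        send(b);
        buf_free(pending);             /* reader drains the slot */
        pending = NULL;
    }
    return ok;
}
int main(void) {
    printf("leaky %d, fixed %d\n", run_sends(send_leaky, 200), run_sends(send_fixed, 200));
    return 0;
}
```

With the leaky callback the pool is exhausted after 64 frames even though the device slot is drained after every send; with the fixed callback all 200 frames are allocated.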
Mitigation
The fix is included in the Linux kernel stable tree as commit e840d8f4a1b3 [1]. Users should update to a kernel version containing this patch or apply the fix manually. No workaround is available other than applying the patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 3
88e879c9f595, 2c46a9a5f0b1, e840d8f4a1b3
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 3
News mentions: 0
No linked articles in our index yet.