CVE-2022-50872

Vulnerability

CVE-2022-50872 describes a memory leak in the Linux kernel's ARM OMAP2+ platform code, specifically within the realtime_counter_init() function. The function allocates a clock resource via clk_get() but fails to release it before returning, causing the allocated memory to remain unreclaimed.

Exploitation

This vulnerability can be triggered locally when the realtime_counter_init() function is called, typically during system initialization or when the realtime counter is accessed. No special privileges are required beyond normal system operation, making it accessible to any user or process that can invoke the relevant code path.

Impact

Repeated calls to the vulnerable function will gradually exhaust kernel memory, potentially leading to a denial-of-service condition where the system becomes unresponsive or crashes due to memory starvation.

Mitigation

The issue has been addressed in stable kernel updates. The fix commits are available in the kernel stable repository [1][2][3][4]. Users are advised to apply the latest kernel patches to remediate the vulnerability.