CVE-2022-50882
Description
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Fix memory leak in uvc_gpio_parse
Previously the unit buffer was allocated before checking the IRQ for privacy GPIO. In case of error, the unit buffer was leaked.
Allocate the unit buffer after the IRQ to avoid it.
Addresses-Coverity-ID: 1474639 ("Resource leak")
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's UVC video driver, a memory leak occurs in uvc_gpio_parse() because the unit buffer is allocated before the IRQ for the privacy GPIO is checked, so the buffer is leaked when that check fails.
Vulnerability
In the Linux kernel's UVC video4linux subsystem, the uvc_gpio_parse function in drivers/media/usb/uvc/uvc_driver.c contains a memory leak. The function allocates a unit buffer before checking the IRQ for the privacy GPIO. If the IRQ check fails, the allocated buffer is not freed, leading to a resource leak [1][2].
Exploitation
This vulnerability is triggered during device enumeration when the kernel parses UVC (USB Video Class) device descriptors. An attacker would need to connect a malicious USB device that causes the IRQ check to fail after the buffer allocation. No authentication is required, but physical or local USB access is necessary.
Impact
A successful exploit results, at minimum, in a memory leak that can degrade system performance over time. Repeated exploitation could exhaust kernel memory, potentially leading to a denial-of-service condition.
Mitigation
The fix was applied in Linux kernel commits [1] and [2], which move the buffer allocation after the IRQ check. Users should update to a kernel version containing these commits. No workaround is available.
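The ordering problem described above, modelled in userspace C as an added example (not the kernel's code or the actual patch): a fixed-size pool stands in for the kernel allocator, and all names (`unit_alloc`, `parse_alloc_first`, `parse_irq_first`, `leaked_after`) are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace model with hypothetical names; not the driver's code. */
#define POOL 8
struct unit { int in_use; int irq; };
static struct unit pool[POOL];      /* stands in for the kernel allocator */

static struct unit *unit_alloc(void)
{
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;                    /* pool exhausted */
}

/* Leaky ordering: allocate, then return early when the IRQ lookup failed. */
static int parse_alloc_first(int irq, struct unit **out)
{
    struct unit *u = unit_alloc();
    if (!u) return -ENOMEM;
    if (irq < 0) return irq;        /* u is never released: leak */
    u->irq = irq; *out = u;
    return 0;
}

/* Fixed ordering: check the IRQ first, allocate only when it is valid. */
static int parse_irq_first(int irq, struct unit **out)
{
    if (irq < 0) return irq;        /* nothing allocated yet */
    struct unit *u = unit_alloc();
    if (!u) return -ENOMEM;
    u->irq = irq; *out = u;
    return 0;
}

/* Reset the pool, run n failing parses (constructed irq = -EINVAL), count units still held. */
static int leaked_after(int (*parse)(int, struct unit **), int n)
{
    struct unit *u = NULL;
    int held = 0;
    for (int i = 0; i < POOL; i++) pool[i].in_use = 0;
    for (int i = 0; i < n; i++) parse(-EINVAL, &u);
    for (int i = 0; i < POOL; i++) held += pool[i].in_use;
    return held;
}

int main(void)
{
    printf("held: alloc-first=%d irq-first=%d\n", leaked_after(parse_alloc_first, 5), leaked_after(parse_irq_first, 5));
    return 0;
}
```

In this model, once the leaky ordering has consumed the whole pool, even a parse with a valid IRQ fails with `-ENOMEM`, which is the resource-exhaustion outcome the Impact section describes.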
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 4
6c5da92103bd
deb8f32ae4b1
4a7ae8d982a8
f0f078457f18
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 4