In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up the reference in the error path, so that the name can be freed in kobject_cleanup(), and the 'rdev' can be freed in rio_release_dev().

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

References
Link Providers
https://git.kernel.org/stable/c/3b4676f274a6b5d001176f15d0542100bbf4b59a cve-icon cve-icon
https://git.kernel.org/stable/c/440afd7fd9b164fdde6fc9da8c47d3d7f20dcce8 cve-icon cve-icon
https://git.kernel.org/stable/c/80fad2e53eaed2b3a2ff596575f65669e13ceda5 cve-icon cve-icon
https://git.kernel.org/stable/c/85fbf58b15c09d3a6a03098c1e42ebfe9002f39d cve-icon cve-icon
https://git.kernel.org/stable/c/88fa351b20ca300693a206ccd3c4b0e0647944d8 cve-icon cve-icon
https://git.kernel.org/stable/c/c413f65011ff8caffabcde0e1c3ceede48a48d6f cve-icon cve-icon
https://git.kernel.org/stable/c/c482cb0deb57924335103fe592c379a076d867f8 cve-icon cve-icon
https://git.kernel.org/stable/c/ec3f04f74f50d0b6bac04d795c93c2b852753a7a cve-icon cve-icon
https://git.kernel.org/stable/c/f9574cd48679926e2a569e1957a5a1bcc8a719ac cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091639-CVE-2022-50343-75e3@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-50343 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-50343 cve-icon
History

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Wed, 17 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 16 Sep 2025 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up the reference in the error path, so that the name can be freed in kobject_cleanup(), and the 'rdev' can be freed in rio_release_dev().
Title rapidio: fix possible name leaks when rio_add_device() fails
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-16T16:11:22.514Z

Updated: 2025-09-16T16:11:35.603Z

Reserved: 2025-09-16T16:03:27.881Z

Link: CVE-2022-50343

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-16T17:15:33.923

Modified: 2025-09-17T14:18:55.093

Link: CVE-2022-50343

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-09-16T00:00:00Z

Links: CVE-2022-50343 - Bugzilla