CVE-2022-50463 in Linux

Summary

by MITRE • 10/01/2025

In the Linux kernel, the following vulnerability has been resolved:

powerpc/52xx: Fix a resource leak in an error handling path

The error handling path of mpc52xx_lpbfifo_probe() has a request_irq() that is not balanced by a corresponding free_irq().

Add the missing call, as already done in the remove function.


Analysis

by VulDB Data Team • 01/17/2026

The vulnerability identified as CVE-2022-50463 represents a resource leak in the Linux kernel's powerpc/52xx subsystem, specifically affecting the mpc52xx_lpbfifo_probe() function. This issue occurs within the error handling path of the device probe routine for the MPC52xx Low Power Bus FIFO driver, which is designed for Freescale MPC52xx processors. The flaw manifests when the driver encounters an error during initialization, failing to properly release a system interrupt resource that was previously requested.

The technical implementation of this vulnerability stems from an asymmetric resource management pattern within the device driver code. During normal operation, the mpc52xx_lpbfifo_probe() function successfully calls request_irq() to register an interrupt handler for the hardware FIFO device. However, when an error condition occurs during the probe sequence, the function follows an error handling path that neglects to invoke the corresponding free_irq() call to release the interrupt resource. This creates a persistent resource leak where the interrupt line remains allocated and registered with the system, preventing proper cleanup and reuse of the interrupt vector.
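
The unbalanced error path described above, as an added user-space model in C (not the kernel driver's code and not part of the original entry). `model_request_irq()`, `model_free_irq()`, `probe_leaky()`, `probe_fixed()` and `sample_dev` are hypothetical names, and the model assumes a non-shared interrupt line whose request returns -EBUSY while the line is still claimed.

```c
/* User-space model of the probe error path. Every name below is a
 * hypothetical stand-in; this is not the kernel's or the driver's code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#define MODEL_NR_IRQS 4
static const void *irq_owner[MODEL_NR_IRQS];    /* NULL means the line is free */
const char sample_dev[] = "constructed-device"; /* constructed dev_id cookie */

static int model_request_irq(int irq, const void *dev_id)
{
    if (irq < 0 || irq >= MODEL_NR_IRQS || irq_owner[irq])
        return -EBUSY;              /* out of range or still claimed */
    irq_owner[irq] = dev_id;
    return 0;
}

static void model_free_irq(int irq, const void *dev_id)
{
    if (irq >= 0 && irq < MODEL_NR_IRQS && irq_owner[irq] == dev_id)
        irq_owner[irq] = NULL;
}

int probe_leaky(int irq, const void *dev_id, bool later_step_fails)
{
    int rc = model_request_irq(irq, dev_id);
    if (!rc && later_step_fails)
        return -ENODEV;             /* BUG: error return leaves the IRQ claimed */
    return rc;
}

/* Balanced error path: undo the request before returning the error. */
int probe_fixed(int irq, const void *dev_id, bool later_step_fails)
{
    int rc = model_request_irq(irq, dev_id);
    if (rc)
        return rc;                  /* nothing acquired, nothing to undo */
    if (later_step_fails)
        goto err_free_irq;
    return 0;
err_free_irq:
    model_free_irq(irq, dev_id);    /* same release the remove path performs */
    return -ENODEV;
}

int main(void)
{
    probe_leaky(1, sample_dev, true);   /* failed probe leaks line 1 */
    printf("re-probe of line 1: %d\n", probe_fixed(1, sample_dev, false));
}
```

In this model a failed `probe_leaky()` makes every later probe of the same line return -EBUSY, while a failed `probe_fixed()` leaves the line free for a retry.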

The operational impact of this resource leak extends beyond simple memory consumption, as it can lead to system instability and reduced availability of interrupt resources for other drivers and system components. When multiple instances of the faulty driver probe fail or when the driver is repeatedly loaded and unloaded, the accumulation of unreleased interrupt resources can eventually exhaust the system's available interrupt vector space. This condition particularly affects embedded systems running on MPC52xx processors where interrupt resources are limited and carefully managed. The vulnerability aligns with CWE-404, which addresses improper resource release or unbalanced resource management, and represents a classic example of a resource leak that can be exploited to cause denial of service conditions.

Mitigation strategies for this vulnerability require immediate patch application to the Linux kernel source code, ensuring that the missing free_irq() call is properly integrated into the error handling path of mpc52xx_lpbfifo_probe(). System administrators should prioritize updating affected kernel versions, particularly those running on embedded systems or industrial equipment based on MPC52xx processors. The fix follows established patterns already implemented in the driver's remove function, demonstrating a consistent approach to resource management within the same codebase. Organizations maintaining embedded systems or real-time applications on affected hardware should conduct thorough testing of kernel updates to ensure compatibility and stability. Additionally, monitoring systems should be implemented to detect potential interrupt resource exhaustion conditions that may indicate this vulnerability's presence, aligning with ATT&CK technique T1489 for system resource hijacking and resource exhaustion attacks.

Responsible

Linux

Reservation

10/01/2025

Disclosure

10/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00146

KEV

no

Activities

very low
