CVE-2022-50474 in Linux
Summary
by MITRE • 10/04/2025
In the Linux kernel, the following vulnerability has been resolved:
macintosh: fix possible memory leak in macio_add_one_device()
After commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically. It needs to be freed when of_device_register() fails. Call put_device() to give up the reference that's taken in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hits 0.
macio device is freed in macio_release_dev(), so the kfree() can be removed.
Analysis
by VulDB Data Team • 03/01/2026
CVE-2022-50474 is a memory management issue in the macio_add_one_device() function of the Linux kernel's macintosh subsystem. The flaw emerged after a significant kernel commit changed how device names are handled, moving from static allocation to dynamic memory management. That change left a gap in the error handling: when device registration fails, the dynamically allocated memory is not released. It is a classic case of improper resource cleanup in kernel space, and the resulting leak creates potential memory exhaustion scenarios that could impact system stability and performance.
The vulnerability stems from the driver-core change that eliminated struct device's bus_id string array and replaced it with dynamic allocation. When of_device_register() fails during device initialization, all allocated resources must be cleaned up, including the dynamically allocated device name string. The flaw is that the code does not call put_device() to release the reference taken in device_initialize(). As a result, when device registration fails, the memory allocated for the device name is never released, creating a leak that accumulates over time and can lead to system resource exhaustion.
The operational impact of CVE-2022-50474 extends beyond simple memory consumption issues, as it represents a potential denial of service vector within embedded macintosh systems that rely on the macio device driver. The vulnerability affects systems running Linux kernels where macintosh hardware is present, particularly those utilizing the macio bus controller for device management. Attackers could potentially exploit this memory leak by repeatedly triggering device registration failures, leading to progressive memory exhaustion that could cause system instability or complete system hangs. The vulnerability also demonstrates poor adherence to kernel memory management best practices, as it fails to properly implement the reference counting mechanism that should ensure automatic cleanup of dynamically allocated resources.
Mitigation for CVE-2022-50474 consists of applying the upstream kernel patch, which ensures that the dynamically allocated device name is cleaned up when of_device_register() fails. The fix calls put_device() to release the reference taken during device initialization, allowing kobject_cleanup() to free the memory when the reference count reaches zero. System administrators should ensure their macintosh systems are updated to kernel versions that include this patch, particularly those running older kernel versions where the vulnerability remains unpatched. The issue corresponds to CWE-401 (memory leak) and relates to ATT&CK techniques concerning system resource exhaustion, where proper resource management is crucial for maintaining system stability and preventing denial of service conditions in embedded systems.
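The difference between the two error paths can be seen in a small user-space model. This is an added example, not kernel code and not the upstream patch: struct model_dev, the model_* and x* helpers, and the sample name are hypothetical stand-ins for struct device, device_initialize(), put_device() and dev_set_name(), and registration is assumed to fail every time.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs;   /* outstanding heap blocks, so a leak is observable */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct model_dev {        /* hypothetical stand-in for struct device */
    int refcount;
    char *name;           /* allocated dynamically, as after 1fa5ae857bb1 */
};

/* Role of device_initialize(): takes the initial reference. */
static void model_device_initialize(struct model_dev *d) { d->refcount = 1; }

/* Role of put_device(): the last put frees the name (kobject_cleanup()),
 * then the device itself (macio_release_dev()). */
static void model_put_device(struct model_dev *d)
{
    if (--d->refcount == 0) {
        xfree(d->name);
        xfree(d);
    }
}

/* One failed registration; returns how many blocks the error path leaked. */
static int leaked_after_failed_add(int use_put_device)
{
    int before = live_allocs;
    struct model_dev *d = xalloc(sizeof(*d));
    if (!d) return -1;
    model_device_initialize(d);
    char *name = d->name = xalloc(16);            /* role of dev_set_name() */
    if (!name) { xfree(d); return -1; }
    strcpy(name, "model-dev");                    /* constructed sample name */
    /* Registration is assumed to fail here, so only the error path runs. */
    if (use_put_device) model_put_device(d);      /* fixed: drop the reference */
    else                xfree(d);                 /* before the fix: name orphaned */
    int leaked = live_allocs - before;
    if (!use_put_device) xfree(name);             /* reclaim so the demo stays clean */
    return leaked;
}

int main(void)
{
    printf("kfree() path leaks %d block(s)\n", leaked_after_failed_add(0));
    printf("put_device() path leaks %d block(s)\n", leaked_after_failed_add(1));
    return 0;
}
```

Each failed registration on the kfree() path strands one allocation (the name), which is why the leak grows with every repeated failure, while the put_device() path returns to the starting count.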