CVE-2022-50477 in Linux
Summary
by MITRE • 10/04/2025
In the Linux kernel, the following vulnerability has been resolved:
rtc: class: Fix potential memleak in devm_rtc_allocate_device()
devm_rtc_allocate_device() will alloc a rtc_device first, and then run dev_set_name(). If dev_set_name() failed, the rtc_device will memleak. Move devm_add_action_or_reset() in front of dev_set_name() to prevent memleak.
unreferenced object 0xffff888110a53000 (size 2048): comm "python3", pid 470, jiffies 4296078308 (age 58.882s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 30 a5 10 81 88 ff ff .........0...... 08 30 a5 10 81 88 ff ff 00 00 00 00 00 00 00 00 .0.............. backtrace: [<000000004aac0364>] kmalloc_trace+0x21/0x110
[<000000000ff02202>] devm_rtc_allocate_device+0xd4/0x400
[<000000001bdf5639>] devm_rtc_device_register+0x1a/0x80
[<00000000351bf81c>] rx4581_probe+0xdd/0x110 [rtc_rx4581]
[<00000000f0eba0ae>] spi_probe+0xde/0x130
[<00000000bff89ee8>] really_probe+0x175/0x3f0
[<00000000128e8d84>] __driver_probe_device+0xe6/0x170
[<00000000ee5bf913>] device_driver_attach+0x32/0x80
[<00000000f3f28f92>] bind_store+0x10b/0x1a0
[<000000009ff812d8>] drv_attr_store+0x49/0x70
[<000000008139c323>] sysfs_kf_write+0x8d/0xb0
[<00000000b6146e01>] kernfs_fop_write_iter+0x214/0x2d0
[<00000000ecbe3895>] vfs_write+0x61a/0x7d0
[<00000000aa2196ea>] ksys_write+0xc8/0x190
[<0000000046a600f5>] do_syscall_64+0x37/0x90
[<00000000541a336f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 03/01/2026
The vulnerability described in CVE-2022-50477 represents a memory leak condition within the Linux kernel's real-time clock subsystem, specifically affecting the devm_rtc_allocate_device() function. This issue occurs during the device allocation process for RTC (Real-Time Clock) devices, where proper resource management fails to occur when certain initialization steps encounter failures. The flaw demonstrates a classic memory management oversight that can lead to gradual resource exhaustion over time, particularly in systems with frequent device probing operations.
The technical implementation of this vulnerability stems from the improper ordering of operations within the device allocation function. When devm_rtc_allocate_device() is called, it first allocates an rtc_device structure using kmalloc, followed by a call to dev_set_name() to assign a device name. The problem arises when dev_set_name() fails during this process, leaving the previously allocated rtc_device structure in memory without proper cleanup mechanisms. This memory leak occurs because the devm_add_action_or_reset() call, which is responsible for registering cleanup actions with the device manager, is positioned after the dev_set_name() call rather than before it.
This vulnerability directly relates to CWE-401, which categorizes memory leaks in software systems, and aligns with ATT&CK technique T1490, which covers resource exhaustion attacks that can be facilitated by memory leaks. The leak manifests as an unreferenced object with a size of 2048 bytes, as shown in the stack trace, and demonstrates how a single function call failure can result in persistent memory consumption. The memory leak occurs in the context of the rtc_rx4581 driver module, indicating that this issue affects specific RTC hardware implementations that utilize the problematic allocation function.
The operational impact of this vulnerability extends beyond simple memory consumption, as it can contribute to system instability and performance degradation over extended periods of operation. Systems running numerous RTC device probes or those with frequent device discovery cycles will experience progressive memory fragmentation and consumption, potentially leading to system slowdowns or resource exhaustion. The vulnerability is particularly concerning in embedded systems or server environments where RTC devices are frequently accessed or where long-running processes might trigger repeated allocation failures.
Mitigation strategies for this vulnerability require kernel-level fixes that ensure proper resource management regardless of initialization step outcomes. The recommended solution involves reordering the function calls within devm_rtc_allocate_device() to position devm_add_action_or_reset() before dev_set_name(), ensuring that cleanup actions are registered immediately upon allocation. This approach follows the principle of fail-fast resource management and aligns with the Linux kernel's device management best practices. System administrators should ensure they apply the relevant kernel patches as soon as possible, particularly in production environments where RTC devices are actively utilized, and monitor for memory consumption patterns that might indicate this leak has occurred in unpatched systems.