CVE-2022-50660 in Linuxinfo

Summary

by MITRE • 12/09/2025

In the Linux kernel, the following vulnerability has been resolved:

wifi: ipw2200: fix memory leak in ipw_wdev_init()

In the error path of ipw_wdev_init(), exception value is returned, and the memory applied for in the function is not released. Also the memory is not released in ipw_pci_probe(). As a result, memory leakage occurs. So memory release needs to be added to the error path of ipw_wdev_init().

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 03/29/2026

The vulnerability identified as CVE-2022-50660 represents a critical memory management flaw within the Linux kernel's wireless networking subsystem, specifically affecting the ipw2200 driver implementation. This issue resides in the wifi subsystem where the kernel handles wireless network interface operations for Intel PRO/Wireless 2200BG and 2200BG-based devices. The vulnerability manifests as a memory leak that occurs during the initialization process of wireless device components, creating persistent resource consumption that can degrade system performance over time.

The technical flaw exists within the ipw_wdev_init() function where proper error handling mechanisms fail to release allocated memory resources when exceptional conditions occur during device initialization. According to CWE-401, this represents a classic memory leak vulnerability where dynamic memory allocation occurs without corresponding deallocation in error paths. The kernel's wireless driver code does not implement proper cleanup routines in the error handling branches, causing allocated memory blocks to remain in use even when the initialization process fails. Additionally, the ipw_pci_probe() function exhibits similar memory management deficiencies, indicating a broader pattern of inadequate resource cleanup throughout the driver initialization sequence.

The operational impact of this memory leak vulnerability extends beyond simple resource consumption, as it can lead to progressive system degradation and potential denial of service conditions. When wireless network interfaces are repeatedly initialized or when error conditions occur during driver loading, the accumulating memory leaks can exhaust available system memory, particularly affecting embedded systems or devices with limited resources. This vulnerability affects Linux kernel versions where the ipw2200 driver is active, potentially compromising system stability and performance in environments where wireless networking is heavily utilized. The memory leak can be particularly problematic in server environments or network appliances where wireless interfaces may be initialized frequently during system operations or maintenance activities.

Mitigation strategies for CVE-2022-50660 require immediate implementation of proper error path handling within the kernel driver code. System administrators should prioritize updating to kernel versions that include the patched ipw_wdev_init() function with appropriate memory cleanup routines in error conditions. The fix involves adding explicit memory release calls in all error paths of the ipw_wdev_init() function, ensuring that any dynamically allocated memory is properly freed regardless of initialization success or failure. Additionally, system monitoring should be implemented to detect memory consumption patterns that may indicate memory leak accumulation. Organizations should also consider implementing automated patch management processes to ensure timely deployment of kernel security updates. According to ATT&CK framework technique T1070.004, this vulnerability could be exploited by adversaries to perform resource exhaustion attacks, making proper mitigation essential for maintaining system availability and security posture.

Responsible

Linux

Reservation

12/09/2025

Disclosure

12/09/2025

Moderation

accepted

CPE

ready

EPSS

0.00219

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!