CVE-2022-50672 in Linux
Summary
by MITRE • 12/09/2025
In the Linux kernel, the following vulnerability has been resolved:
mailbox: zynq-ipi: fix error handling while device_register() fails
If device_register() fails, it has two issues: 1. The name allocated by dev_set_name() is leaked. 2. The parent of device is not NULL, device_unregister() is called in zynqmp_ipi_free_mboxes(), it will lead a kernel crash because of removing not added device.
Call put_device() to give up the reference, so the name is freed in kobject_cleanup(). Add device registered check in zynqmp_ipi_free_mboxes() to avoid null-ptr-deref.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 03/29/2026
The vulnerability CVE-2022-50672 resides within the Linux kernel's mailbox subsystem, specifically affecting the zynq-ipi driver used in Xilinx Zynq UltraScale+ MPSoC platforms. This issue represents a critical error handling flaw that occurs during device registration processes, where improper resource management leads to system instability and potential kernel crashes. The vulnerability demonstrates poor adherence to kernel development best practices and highlights the importance of proper reference counting and resource cleanup procedures in kernel space code.
The technical flaw manifests when the device_register() function fails during the initialization of mailbox devices. Under normal circumstances, the driver allocates memory for device names using dev_set_name() and subsequently registers the device with the kernel's device model. However, when device registration fails, the driver fails to properly clean up these allocated resources. The first issue involves memory leakage where the name allocated by dev_set_name() remains unreleased, creating a memory leak that can accumulate over time and potentially exhaust system resources. The second and more severe issue occurs when the device parent pointer is not properly handled, leading to a kernel crash when device_unregister() is called from zynqmp_ipi_free_mboxes() function.
The operational impact of this vulnerability is significant for embedded systems and hardware platforms utilizing Xilinx Zynq UltraScale+ MPSoC architectures. When a device registration fails, the kernel enters an inconsistent state where device cleanup operations attempt to remove devices that were never properly added to the system. This null pointer dereference scenario results in immediate system crashes and potential data loss, particularly in mission-critical applications where system stability is paramount. The vulnerability affects systems that rely on mailbox communication mechanisms for inter-core or inter-processor communication, which are fundamental components in many embedded and real-time systems.
This vulnerability aligns with CWE-415 and CWE-416, representing improper handling of resource management and double-free conditions in kernel space operations. The flaw also maps to ATT&CK technique T1547.001, which involves hijacking system processes through kernel-level modifications, as the improper error handling could potentially be exploited to manipulate device registration flows. The fix implemented addresses these issues by incorporating proper reference counting through put_device() calls, which ensures that allocated resources are properly released through the kobject_cleanup() mechanism. Additionally, the solution includes a device registration check within zynqmp_ipi_free_mboxes() to prevent attempts to unregister devices that were never successfully registered, thereby eliminating the null pointer dereference condition that caused the kernel crashes.
Mitigation strategies should focus on applying the kernel patches provided by the Linux kernel maintainers, which address both the memory leak and kernel crash conditions. System administrators should prioritize updating their kernel versions to include the fix for CVE-2022-50672, particularly in production environments where embedded systems utilizing Zynq UltraScale+ platforms operate. Organizations should also implement comprehensive testing procedures that validate device registration failure scenarios to ensure proper error handling in their embedded systems. The vulnerability serves as a reminder of the critical importance of robust error handling in kernel space code and the necessity of thorough testing for edge cases in device driver development.