CVE-2022-50702 in Linux
Summary
by MITRE • 12/24/2025
In the Linux kernel, the following vulnerability has been resolved:
vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()
With fault injection while probing the module, if device_register() fails in vdpasim_net_init() or vdpasim_blk_init() but the refcount of the kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that the name can be freed in the callback function kobject_cleanup().
(vdpa_sim_net)
unreferenced object 0xffff88807eebc370 (size 16):
comm "modprobe", pid 3848, jiffies 4362982860 (age 18.153s)
hex dump (first 16 bytes):
76 64 70 61 73 69 6d 5f 6e 65 74 00 6b 6b 6b a5 vdpasim_net.kkk.
backtrace:
[<ffffffff8174f19e>] __kmalloc_node_track_caller+0x4e/0x150
[<ffffffff81731d53>] kstrdup+0x33/0x60
[<ffffffff83a5d421>] kobject_set_name_vargs+0x41/0x110
[<ffffffff82d87aab>] dev_set_name+0xab/0xe0
[<ffffffff82d91a23>] device_add+0xe3/0x1a80
[<ffffffffa0270013>] 0xffffffffa0270013
[<ffffffff81001c27>] do_one_initcall+0x87/0x2e0
[<ffffffff813739cb>] do_init_module+0x1ab/0x640
[<ffffffff81379d20>] load_module+0x5d00/0x77f0
[<ffffffff8137bc40>] __do_sys_finit_module+0x110/0x1b0
[<ffffffff83c4d505>] do_syscall_64+0x35/0x80
[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
(vdpa_sim_blk)
unreferenced object 0xffff8881070c1250 (size 16):
comm "modprobe", pid 6844, jiffies 4364069319 (age 17.572s)
hex dump (first 16 bytes):
76 64 70 61 73 69 6d 5f 62 6c 6b 00 6b 6b 6b a5 vdpasim_blk.kkk.
backtrace:
[<ffffffff8174f19e>] __kmalloc_node_track_caller+0x4e/0x150
[<ffffffff81731d53>] kstrdup+0x33/0x60
[<ffffffff83a5d421>] kobject_set_name_vargs+0x41/0x110
[<ffffffff82d87aab>] dev_set_name+0xab/0xe0
[<ffffffff82d91a23>] device_add+0xe3/0x1a80
[<ffffffffa0220013>] 0xffffffffa0220013
[<ffffffff81001c27>] do_one_initcall+0x87/0x2e0
[<ffffffff813739cb>] do_init_module+0x1ab/0x640
[<ffffffff81379d20>] load_module+0x5d00/0x77f0
[<ffffffff8137bc40>] __do_sys_finit_module+0x110/0x1b0
[<ffffffff83c4d505>] do_syscall_64+0x35/0x80
[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Analysis
by VulDB Data Team • 02/24/2026
The vulnerability identified as CVE-2022-50702 resides within the Linux kernel's virtual data path acceleration simulation module known as vdpa_sim. This flaw manifests as a memory leak occurring during the initialization of virtual network and block devices within the simulation environment. The issue specifically affects the vdpasim_net_init() and vdpasim_blk_init() functions where device registration fails but memory allocated for device names remains unreleased. The vulnerability stems from improper resource management when device registration encounters failure, creating a scenario where kobject reference counts do not reach zero, thereby preventing the automatic cleanup of allocated memory. This memory leak represents a classic case of resource exhaustion that can degrade system performance over time and potentially lead to system instability. The vulnerability is categorized under CWE-401 as a failure to release memory after use, which aligns with the kernel's memory management practices and the specific failure points in the device initialization process.
The leak arises from the interaction between the kernel's device model and its reference-counted kobjects. During module initialization, vdpasim_net_init() and vdpasim_blk_init() each call device_register(). As the backtraces in the summary show, device_add() calls dev_set_name(), which allocates the device name string through kobject_set_name_vargs() and kstrdup(). That string is freed only by the kobject_cleanup() callback, which runs when the kobject's reference count drops to zero. When device_register() fails, the reference count remains non-zero because the error path in the init functions does not drop the reference, so kobject_cleanup() never runs and the name string persists in kernel memory even though registration failed. Nothing points at the string any longer, which is why kmemleak reports it as an unreferenced object. The defect is a missing cleanup step in the error path of the device lifecycle.
The operational impact of this vulnerability extends beyond simple memory consumption to potentially affect system stability and resource availability. When the vdpa_sim module is loaded and fails during device initialization, the leaked memory accumulates with each failed initialization attempt, leading to progressive memory degradation. This is particularly concerning in environments where the module is frequently loaded and unloaded or where multiple initialization attempts occur due to configuration errors. The memory leak can compound over time, especially in systems with high module loading frequency, potentially leading to memory pressure that affects other kernel subsystems. The vulnerability is especially problematic in virtualized environments where the VDPA simulation is actively used, as it could impact the performance of virtualized network and block device operations. From an attacker's perspective, this could be leveraged to cause resource exhaustion in systems with limited memory, potentially leading to denial of service conditions. The vulnerability affects the module loading process and could be exploited in scenarios where malicious actors repeatedly attempt to load the module with invalid parameters.
Mitigation strategies for this vulnerability focus on ensuring proper resource cleanup during error conditions in the device initialization process. The fix implemented addresses the root cause by adding a put_device() call in the error handling path, which ensures that the kobject reference count is properly decremented even when device registration fails. This allows the kobject_cleanup() callback function to execute properly and free the allocated memory. System administrators should ensure that all kernel updates are applied promptly to remediate this vulnerability, particularly in environments where the vdpa_sim module is actively used. The fix aligns with the principle of defensive programming and proper resource management, ensuring that all allocated resources are properly cleaned up regardless of the execution path taken. Organizations should also implement monitoring for memory usage patterns that might indicate the presence of this vulnerability in systems where the module is loaded. Additionally, kernel hardening techniques and proper module loading procedures should be implemented to minimize exposure to such issues. The vulnerability demonstrates the importance of comprehensive error handling in kernel modules and the necessity of proper reference counting mechanisms in kernel object management, particularly in virtualization and device simulation contexts that are increasingly common in modern computing environments.
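The error path described in this analysis, as an added userspace model in C; it is not the kernel patch and not code from this page. struct model_device, model_put_device(), model_device_register() and model_init_leaked() are hypothetical stand-ins for the kernel's struct device, put_device() and device_register(), and the injected failure is constructed.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

static int live_names;                 /* name allocations not yet freed */

struct model_device {                  /* stand-in for struct device */
    int refcount;                      /* models the embedded kobject's kref */
    char *name;                        /* models the dev_set_name() allocation */
};

/* Models put_device(): at refcount 0, do what kobject_cleanup() does. */
static void model_put_device(struct model_device *dev)
{
    if (--dev->refcount == 0 && dev->name) {
        free(dev->name);
        dev->name = NULL;
        live_names--;
    }
}

/* Models device_register() under fault injection: takes the initial
 * reference, allocates the name, then fails in the add step. */
static int model_device_register(struct model_device *dev, const char *name)
{
    size_t len = strlen(name) + 1;

    dev->refcount = 1;
    dev->name = malloc(len);
    if (dev->name) {
        memcpy(dev->name, name, len);
        live_names++;
    }
    return -ENOMEM;                    /* injected failure */
}

/* Runs one failed init; returns how many name allocations were left behind. */
int model_init_leaked(const char *name, int put_on_error)
{
    struct model_device dev = {0};
    int leaked;

    live_names = 0;
    if (model_device_register(&dev, name) && put_on_error)
        model_put_device(&dev);        /* the fix: drop the initial reference */
    leaked = live_names;
    free(dev.name);                    /* keep the demo process itself clean */
    return leaked;
}
```

Calling model_init_leaked() with put_on_error set to 0 models the pre-fix init functions; setting it to 1 models the error path after the put_device() call is added.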