CVE-2022-50854 in Linux
Summary
by MITRE • 12/30/2025
In the Linux kernel, the following vulnerability has been resolved:
nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
skb should be freed in virtual_nci_send(), otherwise kmemleak will report a memleak.

Steps for reproduction (simulated in qemu):
  cd tools/testing/selftests/nci
  make
  ./nci_dev

BUG: memory leak
unreferenced object 0xffff888107588000 (size 208):
  comm "nci_dev", pid 206, jiffies 4294945376 (age 368.248s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000008d94c8fd>] __alloc_skb+0x1da/0x290
    [<00000000278bc7f8>] nci_send_cmd+0xa3/0x350
    [<0000000081256a22>] nci_reset_req+0x6b/0xa0
    [<000000009e721112>] __nci_request+0x90/0x250
    [<000000005d556e59>] nci_dev_up+0x217/0x5b0
    [<00000000e618ce62>] nfc_dev_up+0x114/0x220
    [<00000000981e226b>] nfc_genl_dev_up+0x94/0xe0
    [<000000009bb03517>] genl_family_rcv_msg_doit.isra.14+0x228/0x2d0
    [<00000000b7f8c101>] genl_rcv_msg+0x35c/0x640
    [<00000000c94075ff>] netlink_rcv_skb+0x11e/0x350
    [<00000000440cfb1e>] genl_rcv+0x24/0x40
    [<0000000062593b40>] netlink_unicast+0x43f/0x640
    [<000000001d0b13cc>] netlink_sendmsg+0x73a/0xbf0
    [<000000003272487f>] __sys_sendto+0x324/0x370
    [<00000000ef9f1747>] __x64_sys_sendto+0xdd/0x1b0
    [<000000001e437841>] do_syscall_64+0x3f/0x90
Analysis
by VulDB Data Team • 04/26/2026
The vulnerability identified as CVE-2022-50854 resides within the Linux kernel's NFC subsystem, specifically in the virtual_ncidev driver component. This issue manifests as a memory leak occurring in the virtual_nci_send() function, where allocated memory buffers are not properly released back to the system. The problem is particularly significant within the context of NFC (Near Field Communication) device management, where the kernel must handle various communication protocols and data transfers. The vulnerability was discovered through automated testing procedures involving the selftests framework, specifically targeting the nci (NFC Controller Interface) subsystem. When the nci_dev test application is executed within a qemu simulation environment, the memory leak becomes apparent through kmemleak reporting mechanisms, which are designed to identify unreferenced kernel memory objects that could indicate potential memory management issues.
The technical flaw stems from improper memory management in virtual_nci_send(), which is part of the NFC virtual device implementation. During normal operation, the socket buffer carrying an NCI command is allocated with __alloc_skb(), the standard allocator for sk_buffs in the Linux networking stack, as the backtrace shows beneath nci_send_cmd(). The leaked object in the debug output is a 208-byte buffer at address 0xffff888107588000 that becomes unreferenced while still allocated. The leak occurs because the skb handed to virtual_nci_send() during transmission is not freed when the function exits, so kernel memory is consumed without being returned to the system. The backtrace, read from the bottom up, shows the call chain leading to the allocation: a netlink sendto() request reaches nfc_genl_dev_up() and nfc_dev_up(), which call nci_dev_up(); the reset request issued through __nci_request() and nci_reset_req() calls nci_send_cmd(), which allocates the skb that the driver's send path then fails to release.
The operational impact of this vulnerability extends beyond simple memory consumption, as it represents a potential vector for resource exhaustion attacks that could degrade system performance or lead to system instability. While the individual memory leak may appear minor, in sustained operations or under high load conditions, multiple instances of this leak could accumulate and cause significant memory pressure within the kernel's memory management subsystem. The vulnerability affects systems running Linux kernels that include the NFC virtual device driver implementation, particularly those utilizing the NCI protocol for NFC communication. The issue is particularly concerning in embedded systems or IoT devices where memory resources are constrained, as the accumulation of such leaks could lead to system crashes or denial of service conditions. The vulnerability can be reproduced reliably through the provided test procedures, making it a consistent issue that affects the kernel's memory management integrity and could potentially be exploited by adversaries to consume system resources.
Mitigation strategies for this vulnerability primarily involve applying the kernel patch that correctly implements memory cleanup in the virtual_nci_send() function. The fix ensures that allocated sk_buff structures are properly freed using the appropriate kernel memory management functions such as kfree_skb() or dev_kfree_skb(). System administrators should prioritize applying the upstream kernel patch as soon as possible, particularly in production environments where NFC functionality is utilized. The vulnerability aligns with CWE-401, which describes improper handling of memory allocation and deallocation, and can be categorized under ATT&CK technique T1499.201 for resource exhaustion attacks. Organizations should implement regular kernel update procedures and maintain awareness of kernel security advisories, as this type of memory leak vulnerability can be exploited to consume system resources over time. Additionally, monitoring systems should be configured to detect memory leaks through kernel memory debugging tools, and automated testing should include memory leak detection mechanisms to catch similar issues in future kernel versions. The fix demonstrates the importance of proper resource management in kernel space, where every allocated resource must have a corresponding deallocation to prevent system degradation and maintain overall system stability.
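The ownership rule behind this fix, shown as an added example in user-space C rather than the driver's own source: the NCI core hands the driver's send callback an sk_buff that the callback now owns, and the driver must release it on every exit path, including the disabled-device and busy-buffer early returns, not only the success path. The model below (struct names, the state/send_buff globals and the allocation counters are simplifications assumed for the example) puts a leaky variant of the callback beside a variant that frees on all paths, drains the pending packet the way a reader would, and reports how many skbs are still alive afterwards.

```c
/*
 * Added example, not kernel code: a user-space model of skb ownership in
 * a virtual NCI driver's send callback. The driver copies the incoming
 * skb into send_buff for its reader side, so the original must be freed
 * on every path once the copy (or the early-exit decision) is made.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sk_buff {                 /* stand-in for the kernel's sk_buff */
    size_t len;
    unsigned char data[32];
};

enum { NCIDEV_DISABLED = 0, NCIDEV_ENABLED = 1 };

static int state = NCIDEV_ENABLED;      /* assumed device state flag */
static struct sk_buff *send_buff;       /* packet waiting for the reader */
static int live_skbs;                   /* allocations minus frees */

static struct sk_buff *alloc_skb_model(size_t len)
{
    struct sk_buff *skb = calloc(1, sizeof(*skb));
    if (!skb)
        abort();
    skb->len = len;
    live_skbs++;
    return skb;
}

static void kfree_skb_model(struct sk_buff *skb)
{
    if (!skb)
        return;
    live_skbs--;
    free(skb);
}

static struct sk_buff *skb_copy_model(const struct sk_buff *skb)
{
    struct sk_buff *c = alloc_skb_model(skb->len);
    memcpy(c->data, skb->data, skb->len);
    return c;
}

/* Leaky shape: the skb the driver was handed is never released. */
static int virtual_nci_send_leaky(struct sk_buff *skb)
{
    if (state != NCIDEV_ENABLED)
        return 0;                 /* dropped without a free */
    if (send_buff)
        return -1;                /* busy: dropped without a free */
    send_buff = skb_copy_model(skb);
    return 0;                     /* copy queued, original leaked */
}

/* Fixed shape: every exit frees the skb the driver owns. */
static int virtual_nci_send_fixed(struct sk_buff *skb)
{
    if (state != NCIDEV_ENABLED) {
        kfree_skb_model(skb);
        return 0;
    }
    if (send_buff) {
        kfree_skb_model(skb);
        return -1;
    }
    send_buff = skb_copy_model(skb);
    kfree_skb_model(skb);         /* copy is queued; original is done */
    return 0;
}

/* Reader side: consume and release the pending packet, if any. */
static void virtual_ncidev_read_model(void)
{
    kfree_skb_model(send_buff);
    send_buff = NULL;
}

static void reset_device(int enabled)
{
    state = enabled ? NCIDEV_ENABLED : NCIDEV_DISABLED;
    send_buff = NULL;
    live_skbs = 0;
}

typedef int (*send_fn)(struct sk_buff *);

/* One command round trip: send, then the reader drains. Returns the
 * number of skbs still alive; anything above 0 is a leak per cycle. */
static int leaked_after_cycle(send_fn send, int enabled)
{
    struct sk_buff *skb;
    reset_device(enabled);
    skb = alloc_skb_model(4);
    memcpy(skb->data, "\x20\x00\x01\x01", 4);  /* constructed NCI command */
    send(skb);
    virtual_ncidev_read_model();
    return live_skbs;
}

/* Busy path: a second send while the first is unread. Stores the leak
 * count after draining and returns the second send's result. */
static int busy_send_result(send_fn send, int *leaked)
{
    int rc;
    reset_device(1);
    send(alloc_skb_model(2));
    rc = send(alloc_skb_model(2));
    virtual_ncidev_read_model();
    *leaked = live_skbs;
    return rc;
}

int main(void)
{
    printf("leaky: %d leaked per cycle\n", leaked_after_cycle(virtual_nci_send_leaky, 1));
    printf("fixed: %d leaked per cycle\n", leaked_after_cycle(virtual_nci_send_fixed, 1));
    return 0;
}
```

The counter plays the role kmemleak plays on a real kernel: each send through the leaky callback leaves one unreferenced buffer behind, and the busy path leaks two, while the fixed callback returns the same status codes with nothing outstanding. The same check belongs in a selftest, as the commit's reproduction steps with the nci selftest under kmemleak show.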