{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50658", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-09T01:26:45.989Z", "datePublished": "2025-12-09T01:29:06.106Z", "dateUpdated": "2025-12-09T01:29:06.106Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T01:29:06.106Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: qcom: fix memory leak in error path\n\nIf for some reason the speedbin length is incorrect, then there is a\nmemory leak in the error path because we never free the speedbin buffer.\nThis commit fixes the error path to always free the speedbin buffer."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cpufreq/qcom-cpufreq-nvmem.c"], "versions": [{"version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b", "lessThan": "e55feb31df3fc78b880d6e9d4b5853f05c974833", "status": "affected", "versionType": "git"}, {"version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b", "lessThan": "b5606e3ab1f7cc00d89903f4a11fe57747bb3a68", "status": "affected", "versionType": "git"}, {"version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b", "lessThan": "b6ea267e0c6bdf5463358e2a2e5280cfa6cacc48", "status": "affected", "versionType": "git"}, {"version": "a8811ec764f95a04ba82f6f457e28c5e9e36e36b", "lessThan": "9f42cf54403a42cb092636804d2628d8ecf71e75", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cpufreq/qcom-cpufreq-nvmem.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.152", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.76", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.6", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.10.152"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.15.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.0.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e55feb31df3fc78b880d6e9d4b5853f05c974833"}, {"url": "https://git.kernel.org/stable/c/b5606e3ab1f7cc00d89903f4a11fe57747bb3a68"}, {"url": "https://git.kernel.org/stable/c/b6ea267e0c6bdf5463358e2a2e5280cfa6cacc48"}, {"url": "https://git.kernel.org/stable/c/9f42cf54403a42cb092636804d2628d8ecf71e75"}], "title": "cpufreq: qcom: fix memory leak in error path", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: qcom: fix memory leak in error path\n\nIf for some reason the speedbin length is incorrect, then there is a\nmemory leak in the error path because we never free the speedbin buffer.\nThis commit fixes the error path to always free the speedbin buffer."}], "id": "CVE-2022-50658", "lastModified": "2025-12-09T18:37:13.640", "metrics": {}, "published": "2025-12-09T16:17:17.250", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9f42cf54403a42cb092636804d2628d8ecf71e75"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b5606e3ab1f7cc00d89903f4a11fe57747bb3a68"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b6ea267e0c6bdf5463358e2a2e5280cfa6cacc48"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e55feb31df3fc78b880d6e9d4b5853f05c974833"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: cpufreq: qcom: fix memory leak in error path", "id": "2420335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420335"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2022-50658", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50658\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50658\nhttps://lore.kernel.org/linux-cve-announce/2025120941-CVE-2022-50658-77b4@gregkh/T"], "threat_severity": "Low"}