#VU111304 Memory leak in Linux kernel - CVE-2022-50194

Cybersecurity Help s.r.o.

Published: 2025-06-19

Vulnerability identifier: #VU111304

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50194

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmp_cooling_devices_register() function in drivers/soc/qcom/qcom_aoss.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/053543ac1d095132fcfd1263805d6e25afbdc6a8
https://git.kernel.org/stable/c/591f0697ccbac33760d3bb1ad96a5ba2b76ae9f0
https://git.kernel.org/stable/c/97713ed9b6cc4abaa2dcc8357113c56520dc6d7f
https://git.kernel.org/stable/c/bc73c72a856c26df7410ddf15f42257cb4960fe9
https://git.kernel.org/stable/c/ca83c61a6ccf3934cf8d01d5ade30a5034993a86
https://git.kernel.org/stable/c/e6e0951414a314e7db3e9e24fd924b3e15515288

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Memory leak in Linux kernel soc qcom driver