CVE-2022-50119 - Vulnerability Details

- rpmsg: Fix possible refcount leak in rpmsg_register_device_override()

Description

In the Linux kernel, the following vulnerability has been resolved:

rpmsg: Fix possible refcount leak in rpmsg_register_device_override()

rpmsg_register_device_override need to call put_device to free vch when
driver_set_override fails.

Fix this by adding a put_device() to the error path.

Published: 2025-06-18

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`b585daa34a0a852e6d5e553132b411b6a0192d27`	affected	< 280ae5a028ef5d14ef9277746a3026a30aaebe4f
`c14c6676ad5b78950a45121a7ee6cfb85778e71f`	affected	< c449b28e437d18ae807479c4ac6b69d87b287c79
`3d14785980571ebb313a976e589b9d3563adc704`	affected	< 01e6885b75e25a2dd0726455ef18ef9ce5e7dc87
`5f1bb9f4d4b55c39180329c4e379aa740039eed3`	affected	< 3fdd5b2bb09fc2b5bf3504778f51c89bb48c097f
`bfd4a664ddfbe12f008efb0b0ab6bf25a8ab2538`	affected	< d4c8bf5635c4bedaf2470761ced1f502b2d5434e
`bb17d110cbf270d5247a6e261c5ad50e362d1675`	affected	< c29335612ff44df979678a38e1f55c62004f421c
`bb17d110cbf270d5247a6e261c5ad50e362d1675`	affected	< d7bd416d35121c95fe47330e09a5c04adbc5f928

Linux

affected

Version	Status	Constraints
`5.19`	affected	—
`0`	unaffected	< 5.19
`5.19.2`	unaffected	≤ 5.19.*
`6.0`	unaffected	≤ *

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-55385	In the Linux kernel, the following vulnerability has been resolved: rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg_register_device_override need to call put_device to free vch when driver_set_override fails. Fix this by adding a put_device() to the error path.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00156.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/01e6885b75e25a2dd0726455ef18ef9ce5e7dc87
https://git.kernel.org/stable/c/280ae5a028ef5d14ef9277746a3026a30aaebe4f
https://git.kernel.org/stable/c/3fdd5b2bb09fc2b5bf3504778f51c89bb48c097f
https://git.kernel.org/stable/c/c29335612ff44df979678a38e1f55c62004f421c
https://git.kernel.org/stable/c/c449b28e437d18ae807479c4ac6b69d87b287c79
https://git.kernel.org/stable/c/d4c8bf5635c4bedaf2470761ced1f502b2d5434e
https://git.kernel.org/stable/c/d7bd416d35121c95fe47330e09a5c04adbc5f928
https://lore.kernel.org/linux-cve-announce/2025061810-CVE-2022-50119-3664@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50119
https://www.cve.org/CVERecord?id=CVE-2022-50119

History

Tue, 18 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Fri, 20 Jun 2025 02:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025061810-CVE-2022-50119-3664@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50119 https://www.cve.org/CVERecord?id=CVE-2022-50119
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 18 Jun 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg_register_device_override need to call put_device to free vch when driver_set_override fails. Fix this by adding a put_device() to the error path.
Title		rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
References		https://git.kernel.org/stable/c/01e6885b75e25a2dd0726455ef18ef9ce5e7dc87 https://git.kernel.org/stable/c/280ae5a028ef5d14ef9277746a3026a30aaebe4f https://git.kernel.org/stable/c/3fdd5b2bb09fc2b5bf3504778f51c89bb48c097f https://git.kernel.org/stable/c/c29335612ff44df979678a38e1f55c62004f421c https://git.kernel.org/stable/c/c449b28e437d18ae807479c4ac6b69d87b287c79 https://git.kernel.org/stable/c/d4c8bf5635c4bedaf2470761ced1f502b2d5434e https://git.kernel.org/stable/c/d7bd416d35121c95fe47330e09a5c04adbc5f928

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-06-18T11:02:49.264Z

Updated: 2026-05-11T19:13:12.784Z

Reserved: 2025-06-18T10:57:27.415Z

Link: CVE-2022-50119

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-06-18T11:15:41.573

Modified: 2026-06-17T05:22:47.973

Link: CVE-2022-50119

Redhat

Severity : Low

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50119 - Bugzilla

OpenCVE Enrichment

Updated: 2025-06-23T08:36:33Z

Weaknesses

NVD-CWE-Other

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object