CVE-2022-50139 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()

We should call of_node_put() for the reference returned by
of_get_child_by_name() which has increased the refcount.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

Advisories

Source	ID	Title
EUVD	EUVD-2022-55405	In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0e0a40c803643f4edc30f0660f2f3bea4d57a99a
https://git.kernel.org/stable/c/220fafb4ed04187e9c17be4152da5a7f2ffbdd8c
https://git.kernel.org/stable/c/3503305225ca24c3229414c769323fb8bf39b4bf
https://git.kernel.org/stable/c/4070f3c83cd28267f469a59751480ad39435f26a
https://git.kernel.org/stable/c/e6db5780c2bf6e23be7b315809ef349b4b4f2213
https://lore.kernel.org/linux-cve-announce/2025061817-CVE-2022-50139-658f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50139
https://www.cve.org/CVERecord?id=CVE-2022-50139

History

Tue, 18 Nov 2025 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Fri, 20 Jun 2025 02:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025061817-CVE-2022-50139-658f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50139 https://www.cve.org/CVERecord?id=CVE-2022-50139
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 18 Jun 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.
Title		usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
References		https://git.kernel.org/stable/c/0e0a40c803643f4edc30f0660f2f3bea4d57a99a https://git.kernel.org/stable/c/220fafb4ed04187e9c17be4152da5a7f2ffbdd8c https://git.kernel.org/stable/c/3503305225ca24c3229414c769323fb8bf39b4bf https://git.kernel.org/stable/c/4070f3c83cd28267f469a59751480ad39435f26a https://git.kernel.org/stable/c/e6db5780c2bf6e23be7b315809ef349b4b4f2213

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-06-18T11:03:02.318Z

Updated: 2025-06-18T11:03:02.318Z

Reserved: 2025-06-18T10:57:27.422Z

Link: CVE-2022-50139

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-06-18T11:15:43.840

Modified: 2025-11-18T02:57:43.417

Link: CVE-2022-50139

Redhat

Severity : Low

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50139 - Bugzilla

OpenCVE Enrichment

Updated: 2025-06-23T08:36:34Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object