CVE-2022-50823 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: tegra: Fix refcount leak in tegra114_clock_init

of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.

Published: 2025-12-30

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< 1f0e1cbbaffd729560716e9592aa5e609ea93bb6
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< ce699dcdac2bfdb6b238f2517ba41d9623b15f46
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< 8cc87a9c142ae0e276a3ff9ce50f78a1668da36f
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< 5984b1d66126b024ee77482602ac6e51b53f4116
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< c01bfd23cc13a420b3f6a36bcab98410f49d480d
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< e7a57fb92af52c4da69cd947752e8946e5ada50a
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< 8e1fe30253930c6a67385c19802c5ab8706a76d9
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< a7d3fb5814c73d7d49913e4294f8f508a3038bb4
`2cb5efefd6f7d3e7df9a7430b910a80515821256`	affected	< db16a80c76ea395766913082b1e3f939dde29b2c

Linux

affected

Version	Status	Constraints
`3.10`	affected	—
`0`	unaffected	< 3.10
`4.9.331`	unaffected	≤ 4.9.*
`4.14.296`	unaffected	≤ 4.14.*
`4.19.262`	unaffected	≤ 4.19.*
`5.4.220`	unaffected	≤ 5.4.*
`5.10.150`	unaffected	≤ 5.10.*
`5.15.75`	unaffected	≤ 5.15.*
`5.19.17`	unaffected	≤ 5.19.*
`6.0.3`	unaffected	≤ 6.0.*
`6.1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00049.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1f0e1cbbaffd729560716e9592aa5e609ea93bb6
https://git.kernel.org/stable/c/5984b1d66126b024ee77482602ac6e51b53f4116
https://git.kernel.org/stable/c/8cc87a9c142ae0e276a3ff9ce50f78a1668da36f
https://git.kernel.org/stable/c/8e1fe30253930c6a67385c19802c5ab8706a76d9
https://git.kernel.org/stable/c/a7d3fb5814c73d7d49913e4294f8f508a3038bb4
https://git.kernel.org/stable/c/c01bfd23cc13a420b3f6a36bcab98410f49d480d
https://git.kernel.org/stable/c/ce699dcdac2bfdb6b238f2517ba41d9623b15f46
https://git.kernel.org/stable/c/db16a80c76ea395766913082b1e3f939dde29b2c
https://git.kernel.org/stable/c/e7a57fb92af52c4da69cd947752e8946e5ada50a
https://lore.kernel.org/linux-cve-announce/2025123017-CVE-2022-50823-8c3a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50823
https://www.cve.org/CVERecord?id=CVE-2022-50823

History

Thu, 01 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123017-CVE-2022-50823-8c3a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50823 https://www.cve.org/CVERecord?id=CVE-2022-50823
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra114_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.
Title		clk: tegra: Fix refcount leak in tegra114_clock_init
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1f0e1cbbaffd729560716e9592aa5e609ea93bb6 https://git.kernel.org/stable/c/5984b1d66126b024ee77482602ac6e51b53f4116 https://git.kernel.org/stable/c/8cc87a9c142ae0e276a3ff9ce50f78a1668da36f https://git.kernel.org/stable/c/8e1fe30253930c6a67385c19802c5ab8706a76d9 https://git.kernel.org/stable/c/a7d3fb5814c73d7d49913e4294f8f508a3038bb4 https://git.kernel.org/stable/c/c01bfd23cc13a420b3f6a36bcab98410f49d480d https://git.kernel.org/stable/c/ce699dcdac2bfdb6b238f2517ba41d9623b15f46 https://git.kernel.org/stable/c/db16a80c76ea395766913082b1e3f939dde29b2c https://git.kernel.org/stable/c/e7a57fb92af52c4da69cd947752e8946e5ada50a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:08:36.911Z

Updated: 2025-12-30T12:08:36.911Z

Reserved: 2025-12-30T12:06:07.131Z

Link: CVE-2022-50823

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-30T13:15:56.743

Modified: 2025-12-31T20:43:05.160

Link: CVE-2022-50823

Redhat

Severity : Low

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2022-50823 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object