DEBIAN-CVE-2022-50457

Source
https://security-tracker.debian.org/tracker/CVE-2022-50457
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50457.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50457
Upstream
Published
2025-10-01T12:15:38.967Z
Modified
2026-03-11T07:35:49.145997Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

mtd: core: Fix refcount error in del_mtd_device()

del_mtd_device() will call of_node_put() to mtd_get_of_node(mtd), which is mtd->dev.of_node. However, memset(&mtd->dev, 0) is called before of_node_put(). As the result, of_node_put() won't do anything in del_mtd_device(), and causes the refcount leak.

    del_mtd_device()
        memset(&mtd->dev, 0, sizeof(mtd->dev) # clear mtd->dev
        of_node_put()
            mtd_get_of_node(mtd) # mtd->dev is cleared, can't locate of_node
                                 # of_node_put(NULL) won't do anything

Fix the error by caching the pointer of the device_node.

    OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/spi-sram@0
    CPU: 3 PID: 275 Comm: python3 Tainted: G N 6.1.0-rc3+ #54 0d8a1edddf51f172ff5226989a7565c6313b08e2
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
    Call Trace:
     <TASK>
     dump_stack_lvl+0x67/0x83
     kobject_get+0x155/0x160
     of_node_get+0x1f/0x30
     of_fwnode_get+0x43/0x70
     fwnode_handle_get+0x54/0x80
     fwnode_get_nth_parent+0xc9/0xe0
     fwnode_full_name_string+0x3f/0xa0
     device_node_string+0x30f/0x750
     pointer+0x598/0x7a0
     vsnprintf+0x62d/0x9b0
     ...
     cfs_overlay_release+0x30/0x90
     config_item_release+0xbe/0x1a0
     config_item_put+0x5e/0x80
     configfs_rmdir+0x3bd/0x540
     vfs_rmdir+0x18c/0x320
     do_rmdir+0x198/0x330
     __x64_sys_rmdir+0x2c/0x40
     do_syscall_64+0x37/0x90
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

[miquel.raynal@bootlin.com: Light reword of the commit log]

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50457.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50457.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50457.json"