{
  "threat_severity" : "Low",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Resource leak in regulator_register can cause system unavailability",
    "id" : "2425053",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425053"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nregulator: core: fix resource leak in regulator_register()\nI got some resource leak reports while doing fault injection test:\nOF: ERROR: memory leak, expected refcount 1 instead of 100,\nof_node_get()/of_node_put() unbalanced - destroy cset entry:\nattach overlay node /i2c/pmic@64/regulators/buck1\nunreferenced object 0xffff88810deea000 (size 512):\ncomm \"490-i2c-rt5190a\", pid 253, jiffies 4294859840 (age 5061.046s)\nhex dump (first 32 bytes):\n00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........\nff ff ff ff ff ff ff ff a0 1e 00 a1 ff ff ff ff  ................\nbacktrace:\n[<00000000d78541e2>] kmalloc_trace+0x21/0x110\n[<00000000b343d153>] device_private_init+0x32/0xd0\n[<00000000be1f0c70>] device_add+0xb2d/0x1030\n[<00000000e3e6344d>] regulator_register+0xaf2/0x12a0\n[<00000000e2f5e754>] devm_regulator_register+0x57/0xb0\n[<000000008b898197>] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]\nunreferenced object 0xffff88810b617b80 (size 32):\ncomm \"490-i2c-rt5190a\", pid 253, jiffies 4294859904 (age 5060.983s)\nhex dump (first 32 bytes):\n72 65 67 75 6c 61 74 6f 72 2e 32 38 36 38 2d 53  regulator.2868-S\n55 50 50 4c 59 00 ff ff 29 00 00 00 2b 00 00 00  UPPLY...)...+...\nbacktrace:\n[<000000009da9280d>] __kmalloc_node_track_caller+0x44/0x1b0\n[<0000000025c6a4e5>] kstrdup+0x3a/0x70\n[<00000000790efb69>] create_regulator+0xc0/0x4e0\n[<0000000005ed203a>] regulator_resolve_supply+0x2d4/0x440\n[<0000000045796214>] regulator_register+0x10b3/0x12a0\n[<00000000e2f5e754>] devm_regulator_register+0x57/0xb0\n[<000000008b898197>] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]\nAfter calling regulator_resolve_supply(), the 'rdev->supply' is set\nby set_supply(), after this set, in the error path, the resources\nneed be released, so call regulator_put() to avoid the leaks.", "A flaw was found in the Linux kernel. This vulnerability, a resource leak within the regulator_register() function, can be exploited by a local user. Successful exploitation could lead to a Denial of Service (DoS), making the system unavailable due to resource exhaustion." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50724\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50724\nhttps://lore.kernel.org/linux-cve-announce/2025122418-CVE-2022-50724-f625@gregkh/T" ],
  "name" : "CVE-2022-50724",
  "csaw" : false
}