CVE-2022-50121

low-risk

Published 2025-06-18

In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init Every iteration of for_each_available_child_of_node() decrements the reference count of the previous node. When breaking early from a for_each_available_child_of_node() loop, we need to explicitly call of_node_put() on the child node. Add missing of_node_put() to avoid refcount leak.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/3f83c4cf1b78331c23876977aa7b9151aff2f9e1

Patch https://git.kernel.org/stable/c/61cd8cd3b6b33c7eae3b45cf783b114f2ae53528

Patch https://git.kernel.org/stable/c/75358732af9b26acfe3e609943290bcba13330fc

Patch https://git.kernel.org/stable/c/cf112a52d758092ca3d5ebdad51dd17bda5ba3e5

Patch https://git.kernel.org/stable/c/fa220c05d282e7479abe08b54e3bdffd06c25e97

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal