CVE-2022-50146

low-risk

Published 2025-06-18

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory leak. Add a cleanup-on-error path to fix these leaks. [bhelgaas: commit log]

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/2d546db5c80c45cac3ccd929550244fd58f4ff58

Patch https://git.kernel.org/stable/c/3b453f5d06d1f1d6b20a75ea51dc7b53ae78f479

Patch https://git.kernel.org/stable/c/8161e9626b50892eaedbd8070ecb1586ecedb109

Patch https://git.kernel.org/stable/c/b03a8f1264ea8c363bec9ef6e37b467f27cb04ea

Patch https://git.kernel.org/stable/c/e7599a5974d4c64eaae8009c3f2e47b9e3223e07

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal