CVE-2022-50400

low-risk

Published 2025-09-18

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: audio_helper: remove unused and wrong debugfs usage In the greybus audio_helper code, the debugfs file for the dapm has the potential to be removed and memory will be leaked. There is also the very real potential for this code to remove ALL debugfs entries from the system, and it seems like this is what will really happen if this code ever runs. This all is very wrong as the greybus audio driver did not create this debugfs file, the sound core did and controls the lifespan of it. So remove all of the debugfs logic from the audio_helper code as there's no way it could be correct. If this really is needed, it can come back with a fixup for the incorrect usage of the debugfs_lookup() call which is what caused this to be noticed at all.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/4dab0d27a4211a27135a6899d6c737e6e0759a11

Patch https://git.kernel.org/stable/c/5699afbff1fa2972722e863906c0320d55dd4d58

Patch https://git.kernel.org/stable/c/d0febad83e29d85bb66e4f5cac0115b022403338

Patch https://git.kernel.org/stable/c/d517cdeb904ddc0cbebcc959d43596426cac40b0

Patch https://git.kernel.org/stable/c/d835fa49d9589a780ff0d001bb7e6323238a4afb

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal