Bug 2402247 (CVE-2022-50523)

Summary: CVE-2022-50523 kernel: clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A memory leak flaw was found in the Linux kernel's Rockchip clock driver in the PLL registration error path. A local user on systems with Rockchip hardware can trigger this issue when PLL clock registration fails, causing the driver to return without freeing memory previously allocated by kmemdup for the rate table. This results in a permanent memory leak that accumulates across registration failure cycles, leading to resource exhaustion and denial of service.

Description OSIDB Bzimport 2025-10-07 16:05:17 UTC
In the Linux kernel, the following vulnerability has been resolved:

clk: rockchip: Fix memory leak in rockchip_clk_register_pll()

If clk_register() fails, @pll->rate_table may have memory allocated by
kmemdup(), so it needs to be freed; otherwise it will cause a memory
leak. This patch fixes it.
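
The error path described above, as an added user-space model (not the kernel driver's code and not part of the original report): a duplicated rate table is owned by a PLL object, registration fails, and the cleanup either frees only the object or the table as well. All names (`model_kmemdup`, `model_kfree`, `register_pll`, `outstanding`) and the sample rate values are hypothetical, and allocations are tracked in a small array so the leak can be counted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed user-space model; all names are hypothetical, not the driver's. */
struct rate_entry { unsigned long rate; unsigned int div; };
struct model_pll { struct rate_entry *rate_table; };
#define MAX_TRACKED 64
static void *tracked[MAX_TRACKED];   /* allocations not yet freed */

static void *model_kmemdup(const void *src, size_t len)
{
    int i = 0;
    while (i < MAX_TRACKED && tracked[i]) i++;
    if (i == MAX_TRACKED || !(tracked[i] = malloc(len))) return NULL;
    return memcpy(tracked[i], src, len);
}
static void model_kfree(void *p)
{
    for (int i = 0; p && i < MAX_TRACKED; i++)
        if (tracked[i] == p) { free(p); tracked[i] = NULL; return; }
}
static int outstanding(void)
{
    int n = 0;
    for (int i = 0; i < MAX_TRACKED; i++) n += tracked[i] != NULL;
    return n;
}

/* reg_fails models clk_register() failing; fixed selects the patched error path. */
static int register_pll(const struct rate_entry *tbl, size_t n, int reg_fails, int fixed)
{
    struct model_pll zero = { 0 }, *pll = model_kmemdup(&zero, sizeof(zero));
    if (!pll) return -1;
    pll->rate_table = model_kmemdup(tbl, n * sizeof(*tbl));
    if (!pll->rate_table) { model_kfree(pll); return -1; }
    if (reg_fails) {
        if (fixed) model_kfree(pll->rate_table);  /* free the duplicated table */
        model_kfree(pll);                         /* the leaky path frees only this */
        return -1;
    }
    return 0;                        /* success: the clock keeps pll and its table */
}

int main(void)
{
    struct rate_entry tbl[] = { { 1200000000UL, 1 }, { 600000000UL, 2 } };
    for (int i = 0; i < 5; i++) register_pll(tbl, 2, 1, 0);
    printf("leaky error path: %d rate tables outstanding\n", outstanding());
    return 0;
}
```

Each failed registration on the unpatched path leaves one table allocated, which is the accumulation the Doc Text describes; with `fixed` set, the count does not grow.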