Bug 2420335 (CVE-2022-50658)

Summary: CVE-2022-50658 kernel: cpufreq: qcom: fix memory leak in error path
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A memory leak vulnerability was found in the Qualcomm cpufreq driver in the Linux kernel. When the speedbin length is incorrect, the error handling path fails to free the allocated speedbin buffer, leading to a memory leak. Over time, this can cause resource exhaustion and system instability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-09 02:03:46 UTC 
In the Linux kernel, the following vulnerability has been resolved:

cpufreq: qcom: fix memory leak in error path

If for some reason the speedbin length is incorrect, then there is a
memory leak in the error path because we never free the speedbin buffer.
This commit fixes the error path to always free the speedbin buffer.
Comment 1 Alexander B 2025-12-09 19:46:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2022-50658-77b4@gregkh/T