{"id":"CVE-2022-50626","summary":"media: dvb-usb: fix memory leak in dvb_usb_adapter_init()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb: fix memory leak in dvb_usb_adapter_init()\n\nSyzbot reports a memory leak in \"dvb_usb_adapter_init()\".\nThe leak is due to not accounting for and freeing current iteration's\nadapter-\u003epriv in case of an error. Currently if an error occurs,\nit will exit before incrementing \"num_adapters_initalized\",\nwhich is used as a reference counter to free all adap-\u003epriv\nin \"dvb_usb_adapter_exit()\". There are multiple error paths that\ncan exit from before incrementing the counter. Including the\nerror handling paths for \"dvb_usb_adapter_stream_init()\",\n\"dvb_usb_adapter_dvb_init()\" and \"dvb_usb_adapter_frontend_init()\"\nwithin \"dvb_usb_adapter_init()\".\n\nThis means that in case of an error in any of these functions the\ncurrent iteration is not accounted for and the current iteration's\nadap-\u003epriv is not freed.\n\nFix this by freeing the current iteration's adap-\u003epriv in the\n\"stream_init_err:\" label in the error path. The rest of the\n(accounted for) adap-\u003epriv objects are freed in dvb_usb_adapter_exit()\nas expected using the num_adapters_initalized variable.\n\nSyzbot report:\n\nBUG: memory leak\nunreferenced object 0xffff8881172f1a00 (size 512):\n  comm \"kworker/0:2\", pid 139, jiffies 4294994873 (age 10.960s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace:\n    [\u003cffffffff844af012\u003e] dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:75 [inline]\n    [\u003cffffffff844af012\u003e] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:184 [inline]\n    [\u003cffffffff844af012\u003e] dvb_usb_device_init.cold+0x4e5/0x79e drivers/media/usb/dvb-usb/dvb-usb-init.c:308\n    [\u003cffffffff830db21d\u003e] dib0700_probe+0x8d/0x1b0 drivers/media/usb/dvb-usb/dib0700_core.c:883\n    [\u003cffffffff82d3fdc7\u003e] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n    [\u003cffffffff8274ab37\u003e] call_driver_probe drivers/base/dd.c:542 [inline]\n    [\u003cffffffff8274ab37\u003e] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621\n    [\u003cffffffff8274ae6c\u003e] really_probe drivers/base/dd.c:583 [inline]\n    [\u003cffffffff8274ae6c\u003e] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752\n    [\u003cffffffff8274af6a\u003e] driver_probe_device+0x2a/0x120 drivers/base/dd.c:782\n    [\u003cffffffff8274b786\u003e] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:899\n    [\u003cffffffff82747c87\u003e] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427\n    [\u003cffffffff8274b352\u003e] __device_attach+0x122/0x260 drivers/base/dd.c:970\n    [\u003cffffffff827498f6\u003e] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487\n    [\u003cffffffff82745cdb\u003e] device_add+0x5fb/0xdf0 drivers/base/core.c:3405\n    [\u003cffffffff82d3d202\u003e] usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2170\n    [\u003cffffffff82d4dbfc\u003e] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238\n    [\u003cffffffff82d3f49c\u003e] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293\n    [\u003cffffffff8274ab37\u003e] call_driver_probe drivers/base/dd.c:542 [inline]\n    [\u003cffffffff8274ab37\u003e] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621\n    [\u003cffffffff8274ae6c\u003e] really_probe drivers/base/dd.c:583 [inline]\n    [\u003cffffffff8274ae6c\u003e] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752","modified":"2026-04-02T08:28:39.741784Z","published":"2025-12-08T01:16:40.754Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50626.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/17217737c174883dd975885ab4bee4b00f517239"},{"type":"WEB","url":"https://git.kernel.org/stable/c/21b6b0c9f3796e6917e90db403dae9e74025fc40"},{"type":"WEB","url":"https://git.kernel.org/stable/c/733bc9e226da2a7f43b10031b8ebfc26d89ec4bd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7d7ab25ead969594df05fb09ee46ca931d46c5c8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/93bbf2ed428142aa9a9693721230b28571678bf8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/94d90fb06b94a90c176270d38861bcba34ce377d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0af6220bb1eed8225a5511de5a3bd386b94afa4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5a49140035591d13ff57a7537c65217e5af0d15"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5d01eb6dc2f699a395d3e731c58a9b3bb4e269f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50626.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50626"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4d43e13f723e12734257277cc38497fab1efc605"},{"fixed":"733bc9e226da2a7f43b10031b8ebfc26d89ec4bd"},{"fixed":"e5a49140035591d13ff57a7537c65217e5af0d15"},{"fixed":"21b6b0c9f3796e6917e90db403dae9e74025fc40"},{"fixed":"17217737c174883dd975885ab4bee4b00f517239"},{"fixed":"7d7ab25ead969594df05fb09ee46ca931d46c5c8"},{"fixed":"d0af6220bb1eed8225a5511de5a3bd386b94afa4"},{"fixed":"e5d01eb6dc2f699a395d3e731c58a9b3bb4e269f"},{"fixed":"93bbf2ed428142aa9a9693721230b28571678bf8"},{"fixed":"94d90fb06b94a90c176270d38861bcba34ce377d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50626.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.19"},{"fixed":"4.9.337"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.303"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.270"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.229"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50626.json"}}],"schema_version":"1.7.5"}