LiveActive security incident?Get immediate response
CVE Record

CVE-2022-50561: iio: fix memory leak in iio_device_register_eventset()

In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iio_device_register_eventset() When iio_device_register_sysfs_group() returns failed, iio_device_register_eventset() needs to free attrs array. Otherwise, kmemleak would scan & report memory leak as below: unreferenced object 0xffff88810a1cc3c0 (size 32): comm "100-i2c-vcnl302", pid 728, jiffies 4295052307 (age 156.027s) backtrace: __kmalloc+0x46/0x1b0 iio_device_register_eventset at drivers/iio/industrialio-event.c:541 __iio_device_register at drivers/iio/industrialio-core.c:1959 __devm_iio_device_register at drivers/iio/industrialio-core.c:2040

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

CVE-2022-50561 is a Linux kernel memory leak in the Industrial I/O subsystem. If device registration fails in a specific path, allocated memory is not freed. Public sources do not show active exploitation, CVSS, or broad business impact. Treat this as a routine kernel maintenance issue unless your environment depends heavily on IIO-enabled embedded or sensor systems.

Executive priority

Handle through normal patch management. Escalate only for products or fleets that rely on Linux IIO hardware support, especially embedded systems where kernel memory leaks may affect reliability over time.

Technical view

The flaw is in iio_device_register_eventset() in drivers/iio/industrialio-event.c. When iio_device_register_sysfs_group() fails, the attrs array is not freed, causing kmemleak to report an unreferenced allocation. The CVE record lists Linux as affected and references stable kernel commits that address the leak.

Likely exposure

Exposure is most likely on Linux systems using Industrial I/O drivers or devices where the affected registration failure path can occur. General-purpose servers without relevant IIO hardware or drivers are less likely to encounter it. The provided sources do not define a remote attack path.

Exploitation context

No CISA KEV listing is present, and the provided sources do not report active exploitation or public weaponization. The described impact is a kernel memory leak observed by kmemleak during device registration failure, not direct code execution or privilege escalation.

Researcher notes

Evidence is limited to the CVE record and Linux stable commit references. No CVSS, CWE, exploitability assessment, or detailed affected-version range is provided beyond the bundled Linux version data. Avoid assuming impact beyond the documented memory leak.

Mitigation direction

  • Update to a vendor kernel containing the referenced stable Linux fixes.
  • Check Linux distribution advisories for package-specific fixed versions.
  • Prioritize embedded, sensor, and hardware-control systems using IIO drivers.
  • If updates are unavailable, follow vendor guidance for risk reduction.

Validation and detection

  • Inventory Linux kernel versions across affected assets.
  • Check whether kernels include the referenced stable commits.
  • Identify systems using Industrial I/O drivers or relevant hardware.
  • Review kernel logs or kmemleak findings for related IIO registration leaks.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-50561 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
5Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux32f171724e5cbecc80594fb6eced057cfdd6eb6f, 32f171724e5cbecc80594fb6eced057cfdd6eb6f, 32f171724e5cbecc80594fb6eced057cfdd6eb6f, 32f171724e5cbecc80594fb6eced057cfdd6eb6funaffected
LinuxLinux5.13, 0, 5.15.86, 6.0.16, 6.1.2, 6.2affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.