CVE-2022-50561: iio: fix memory leak in iio_device_register_eventset()
In the Linux kernel, the following vulnerability has been resolved:
iio: fix memory leak in iio_device_register_eventset()
When iio_device_register_sysfs_group() returns failed,
iio_device_register_eventset() needs to free attrs array.
Otherwise, kmemleak would scan & report memory leak as below:
unreferenced object 0xffff88810a1cc3c0 (size 32):
comm "100-i2c-vcnl302", pid 728, jiffies 4295052307 (age 156.027s)
backtrace:
__kmalloc+0x46/0x1b0
iio_device_register_eventset at drivers/iio/industrialio-event.c:541
__iio_device_register at drivers/iio/industrialio-core.c:1959
__devm_iio_device_register at drivers/iio/industrialio-core.c:2040
Security readout for executives and security teams
Plain-English summary
CVE-2022-50561 is a Linux kernel memory leak in the Industrial I/O subsystem. If device registration fails in a specific path, allocated memory is not freed. Public sources do not show active exploitation, CVSS, or broad business impact. Treat this as a routine kernel maintenance issue unless your environment depends heavily on IIO-enabled embedded or sensor systems.
Executive priority
Handle through normal patch management. Escalate only for products or fleets that rely on Linux IIO hardware support, especially embedded systems where kernel memory leaks may affect reliability over time.
Technical view
The flaw is in iio_device_register_eventset() in drivers/iio/industrialio-event.c. When iio_device_register_sysfs_group() fails, the attrs array is not freed, causing kmemleak to report an unreferenced allocation. The CVE record lists Linux as affected and references stable kernel commits that address the leak.
Likely exposure
Exposure is most likely on Linux systems using Industrial I/O drivers or devices where the affected registration failure path can occur. General-purpose servers without relevant IIO hardware or drivers are less likely to encounter it. The provided sources do not define a remote attack path.
Exploitation context
No CISA KEV listing is present, and the provided sources do not report active exploitation or public weaponization. The described impact is a kernel memory leak observed by kmemleak during device registration failure, not direct code execution or privilege escalation.
Researcher notes
Evidence is limited to the CVE record and Linux stable commit references. No CVSS, CWE, exploitability assessment, or detailed affected-version range is provided beyond the bundled Linux version data. Avoid assuming impact beyond the documented memory leak.
Mitigation direction
Update to a vendor kernel containing the referenced stable Linux fixes.
Check Linux distribution advisories for package-specific fixed versions.
Prioritize embedded, sensor, and hardware-control systems using IIO drivers.
If updates are unavailable, follow vendor guidance for risk reduction.
Validation and detection
Inventory Linux kernel versions across affected assets.
Check whether kernels include the referenced stable commits.
Identify systems using Industrial I/O drivers or relevant hardware.
Review kernel logs or kmemleak findings for related IIO registration leaks.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-50561 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
5Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 22, 2025, 13:23 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.