CVE-2022-50138: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability (CVE-2022-50138) was discovered in the Linux kernel's RDMA/qedr driver, specifically in the __qedr_alloc_mr() function. The vulnerability was disclosed on June 18, 2025. The issue affects various Linux distributions including Ubuntu, Red Hat, and Debian systems (NVD, Ubuntu Security).

The vulnerability occurs when __qedr_alloc_mr() allocates a memory chunk for mr->info.pbl_table using init_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, the 'mr' is released while mr->info.pbl_table remains unreleased, resulting in a memory leak. The issue specifically affects the RDMA/qedr driver implementation in the Linux kernel (NVD).

The vulnerability leads to memory leaks in the Linux kernel's RDMA/qedr driver, which could potentially result in system resource exhaustion over time. This affects system stability and performance (Wiz).

The vulnerability has been fixed by adding a call to qedr_free_pbl() to release mr->info.pbl_table when an error occurs during the allocation process. Several Linux distributions have released patches, including Ubuntu which has fixed the issue in version 5.15.0-1023.27~20.04.1 for certain configurations (Ubuntu Security).