CVE-2022-50431: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50431 affects the Linux kernel's ALSA (Advanced Linux Sound Architecture) subsystem, specifically in the aoa/i2sbus component. The vulnerability was disclosed on October 1, 2025, and involves a potential memory leak in the i2sbus_add_dev() function (NVD).

The vulnerability occurs when dev_set_name() in soundbus_add_one() allocates memory for a name but fails to free it when of_device_register() fails. The issue requires proper memory management through soundbus_dev_put() to release the reference held in device_initialize(), allowing the memory to be freed in kobject_cleanup() when the refcount reaches 0. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Low severity) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

The vulnerability results in a memory leak condition in the Linux kernel's sound subsystem. While the impact is primarily related to resource consumption, it could potentially lead to system performance degradation over time if the leak is repeatedly triggered (NVD).

Multiple Linux distributions have released fixes for this vulnerability. Ubuntu has implemented fixes across various kernel versions, including linux-hwe-5.15 (5.15.0-60.66~20.04.1), linux-azure-5.15 (5.15.0-1033.40~20.04.1), and several other kernel variants. Red Hat has also acknowledged the issue and is working on fixes for affected versions (Ubuntu).