CVE-2022-50479: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50479 is a vulnerability in the Linux kernel related to a potential memory leak in the AMD DRM (Direct Rendering Manager) driver. The vulnerability was disclosed on October 4, 2025, affecting various Linux kernel versions. The issue specifically occurs when the clk_src function encounters a NULL return condition (NVD, Ubuntu).

The vulnerability stems from improper memory management in the AMD DRM driver where a memory leak occurs when the function returns NULL. The issue specifically involves the incorrect use of free() instead of kfree() for memory deallocation. Red Hat has assigned this vulnerability a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating a low to moderate severity level (Red Hat).

The vulnerability's primary impact is resource exhaustion through memory leaks in affected Linux systems running the AMD DRM driver. According to the CVSS metrics, while the vulnerability doesn't affect confidentiality or integrity, it can have a high impact on system availability through memory consumption (Red Hat).

The vulnerability has been fixed in various Linux distributions. Ubuntu has marked this as a medium priority issue and is providing updates for affected systems. Red Hat has deferred fixes for Red Hat Enterprise Linux 8 and 9, while versions 6 and 7 are not affected. For systems that cannot be immediately patched, no specific workarounds have been published (Ubuntu, Red Hat).