CVE-2022-50482: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50482 is a vulnerability discovered in the Linux kernel related to memory management in the IOMMU/VT-d subsystem. The issue was identified and published on October 4, 2025. The vulnerability specifically affects the initialization process in the initdmars() function, where a memory leak occurs in the sidomain when the initialization fails (NVD, RedHat).

The vulnerability stems from a memory leak in the sidomain when initdmars() fails. This issue was discovered after observing a splat from kmemcachedestroy() with kernels prior to commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool"). While the mempool code has been removed, the sidomain memory leak persists in the initdmars() error path. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

The vulnerability results in a memory leak condition when the init_dmars() function fails, potentially leading to resource exhaustion. The impact is primarily focused on system availability, as indicated by the CVSS metrics showing no impact on confidentiality or integrity, but high impact on availability (RedHat).

Red Hat has provided status updates for various versions of their Enterprise Linux distributions. RHEL 6 and 7 are not affected, while RHEL 8 and 9 have fixes deferred. The fix involves properly cleaning up sidomain in the initdmars() error path (RedHat).