CVE-2022-50523: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50523 is a memory leak vulnerability discovered in the Linux kernel's rockchip clock registration functionality. The vulnerability was disclosed on October 7, 2025, affecting the clk: rockchip component. The issue occurs specifically in the rockchipclkregisterpll() function where memory allocated by kmemdup() for @pll->ratetable is not properly freed when clk_register() fails (NVD).

The vulnerability is a memory leak issue in the Linux kernel's clock management subsystem. When the clkregister() function fails during PLL (Phase-Locked Loop) registration for Rockchip devices, the memory previously allocated by kmemdup() for the ratetable is not properly freed. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (Red Hat).

The primary impact of this vulnerability is resource exhaustion through memory leaks, which could potentially lead to system instability or degraded performance over time. The vulnerability affects system availability but does not compromise confidentiality or integrity of the system (Red Hat).

The vulnerability has been fixed in various Linux distributions. Ubuntu has released patches for multiple versions including fixes for linux-azure (5.15.0-1035.42), linux-aws (5.15.0-1033.37~20.04.1), and other kernel variants (Ubuntu). Red Hat has evaluated their products, with many versions being marked as 'Not affected' (Red Hat).