CVE-2022-50544: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability (CVE-2022-50544) was identified in the Linux kernel's USB host controller driver (xHCI). The issue occurs in the xhciallocstreaminfo() function where the stream context array (streaminfo->streamctxarray) allocated by xhciallocstream_ctx() is not properly released when an error occurs, leading to a potential memory leak (NVD).

The vulnerability exists in the xHCI USB host controller driver's stream allocation functionality. When xhciallocstreaminfo() allocates a stream context array using xhciallocstreamctx(), it fails to properly release streaminfo->streamctx_array in error handling paths. This oversight results in a memory leak condition (Ubuntu).

The vulnerability can lead to memory leaks in the Linux kernel, potentially causing system resource depletion over time if repeatedly triggered (NVD).

The issue has been fixed by properly releasing the streaminfo->streamctxarray with xhcifreestreamctx() on the error path. Multiple Linux distributions have released patches, including Ubuntu which has fixed this in various kernel versions including 5.15.0-60.66 for 22.04 LTS and 5.4.0-1086.92 for 20.04 LTS (Ubuntu).