Vulnerability DatabaseCVE-2022-50672

CVE-2022-50672:
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

mailbox: zynq-ipi: fix error handling while device_register() fails

If device_register() fails, it has two issues:

The name allocated by dev_set_name() is leaked.
The parent of device is not NULL, device_unregister() is called in zynqmp_ipi_free_mboxes(), it will lead a kernel crash because of removing not added device.

Call put_device() to give up the reference, so the name is freed in kobject_cleanup(). Add device registered check in zynqmp_ipi_free_mboxes() to avoid null-ptr-deref.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

Published December 9, 2025

CNA Score N/A

Affected Technologies

Linux Debian
Linux Ubuntu

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 9.9

Exploitation Probability (EPSS) N/A

Affected packages and libraries

linux-intel-iotg-5.15
linux-kvm

Sources

NVD
Debian Security Tracker
- Debian 11, 12, 13, 14 Has FixAdded at: Dec 09, 2025
Echo
- Echo Has FixAdded at: Dec 09, 2025
Ubuntu Security Tracker
- Ubuntu 18.04, 20.04, 22.04 Severity MEDIUMHas FixAdded at: Dec 11, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22776	HIGH	8.7	Linux Debian	cpp-httplib	No	No	Jan 12, 2026
CVE-2026-22801	MEDIUM	6.8	OpenJDK JDK	java-1.8.0-openjdk-accessibility-fastdebug	No	Yes	Jan 12, 2026
CVE-2026-22695	MEDIUM	6.1	OpenJDK JDK	java-1.8.0-openjdk-javadoc-zip	No	Yes	Jan 12, 2026
CVE-2026-22251	MEDIUM	5.3	Python	wlc	No	Yes	Jan 12, 2026
CVE-2026-0665	N/A	N/A	Linux Debian	qemu	No	No	Jan 13, 2026