CVE-2022-50562

tpm: acpi: Call acpi_put_table() to fix memory leak

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak The start and length of the event log area are obtained from
TPM2 or TCPA table, so we call acpi_get_table() to get the
ACPI information, but the acpi_get_table() should be coupled with
acpi_put_table() to release the ACPI memory, add the acpi_put_table()
properly to fix the memory leak. While we are at it, remove the redundant empty line at the
end of the tpm_read_log_acpi().

In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak The start and length of the event log area are obtained from TPM2 or TCPA table, so we call acpi_get_table() to get the ACPI information, but the acpi_get_table() should be coupled with acpi_put_table() to release the ACPI memory, add the acpi_put_table() properly to fix the memory leak. While we are at it, remove the redundant empty line at the end of the tpm_read_log_acpi().

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-10-22 CVE Reserved
2025-10-22 CVE Published
2026-04-01 EPSS Updated
2026-05-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-772: Missing Release of Resource after Effective Lifetime

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/0bfb23746052168620c5b52f49d8a47c3bb022fa	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8ddc48068ac85740d3d5f9f3b0b323e733a35b33	2023-01-14
https://git.kernel.org/stable/c/638cd298dfebce46919cbd6cf1884701215f506d	2023-01-12
https://git.kernel.org/stable/c/694a3d66f493afd77c704c6de91d9be4d6e004e4	2023-01-04
https://git.kernel.org/stable/c/bf31e3f8077af539feaf4e9bbf82e8eb51e7e5a8	2023-01-04
https://git.kernel.org/stable/c/8740a12ca2e2959531ad253bac99ada338b33d80	2022-12-08

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-50562	2023-11-14
https://bugzilla.redhat.com/show_bug.cgi?id=2405754	2023-11-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.10.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.10.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.15.87 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.15.87"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.0.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.0.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.1.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.1.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.2"		en		Affected