ghsa-x78r-fcw5-873j
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
mtd: core: fix possible resource leak in init_mtd()
I got the error report while inject fault in init_mtd():
sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace: dump_stack_lvl+0x67/0x83 sysfs_warn_dup+0x60/0x70 sysfs_create_dir_ns+0x109/0x120 kobject_add_internal+0xce/0x2f0 kobject_add+0x98/0x110 device_add+0x179/0xc00 device_create_groups_vargs+0xf4/0x100 device_create+0x7b/0xb0 bdi_register_va.part.13+0x58/0x2d0 bdi_register+0x9b/0xb0 init_mtd+0x62/0x171 [mtd] do_one_initcall+0x6c/0x3c0 do_init_module+0x58/0x222 load_module+0x268e/0x27d0 __do_sys_finit_module+0xd5/0x140 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd kobject_add_internal failed for mtd-0 with -EEXIST, don't try to register things with the same name in the same directory. Error registering mtd class or bdi: -17
If init_mtdchar() fails in init_mtd(), mtd_bdi will not be unregistered, as a result, we can't load the mtd module again, to fix this by calling bdi_unregister(mtd_bdi) after out_procfs label.
{
"affected": [],
"aliases": [
"CVE-2022-50304"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:41Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: core: fix possible resource leak in init_mtd()\n\nI got the error report while inject fault in init_mtd():\n\nsysfs: cannot create duplicate filename \u0027/devices/virtual/bdi/mtd-0\u0027\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x67/0x83\n sysfs_warn_dup+0x60/0x70\n sysfs_create_dir_ns+0x109/0x120\n kobject_add_internal+0xce/0x2f0\n kobject_add+0x98/0x110\n device_add+0x179/0xc00\n device_create_groups_vargs+0xf4/0x100\n device_create+0x7b/0xb0\n bdi_register_va.part.13+0x58/0x2d0\n bdi_register+0x9b/0xb0\n init_mtd+0x62/0x171 [mtd]\n do_one_initcall+0x6c/0x3c0\n do_init_module+0x58/0x222\n load_module+0x268e/0x27d0\n __do_sys_finit_module+0xd5/0x140\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\nkobject_add_internal failed for mtd-0 with -EEXIST, don\u0027t try to register\n\tthings with the same name in the same directory.\nError registering mtd class or bdi: -17\n\nIf init_mtdchar() fails in init_mtd(), mtd_bdi will not be unregistered,\nas a result, we can\u0027t load the mtd module again, to fix this by calling\nbdi_unregister(mtd_bdi) after out_procfs label.",
"id": "GHSA-x78r-fcw5-873j",
"modified": "2025-09-15T15:31:26Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50304"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1aadf01e5076b9ab6bf294b9622335c651314895"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/26c304a3f136009c5a2a04e2bf3ac6aa25aabcb4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78816504100cbd8e6836df9f58cc4fbb8b262f1c"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.