CVE-2022-50777 | net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe

In the Linux kernel, the following vulnerability has been resolved: net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe of_phy_find_device() return device node with refcount incremented. Call put_device() to relese it when not needed anymore.

Published: 2025-12-24 Last update: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2022-50777 is rated Low Risk (12.5/100): low exploitation likelihood (EPSS 0.22%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-50777

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.02%	0.22%	+0.20%
2	2025-12-25	—	0.02%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-50777

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2022-50777

OS Trackers for CVE-2022-50777

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2022-50777 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2022-50777
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2022-50777
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2022-50777/
`ubuntu`	medium	CVE-2022-50777 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 173, released 145, not-affected 76, needs-triage 1.	https://ubuntu.com/security/CVE-2022-50777

Affected software / configurations for CVE-2022-50777

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 4.14.74, < 4.14.303	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19, < 4.19.270	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19, < 5.4.229	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19, < 5.10.163	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19, < 5.15.87	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19, < 6.0.19	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19, < 6.1.5	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.19, < 6.2	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.9.131	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.18.12	cpe:2.3:o:linux:linux_kernel::::::::

References for CVE-2022-50777

URL	Tags
https://git.kernel.org/stable/c/00616bd1913a4f879679e02dc08c2f501ca2bd4c
https://git.kernel.org/stable/c/106d0d33c9d1ec4ddeeffc1fdc717ff09953d4ed
https://git.kernel.org/stable/c/4d112f001612c79927c1ecf29522b34c4fa292e0
https://git.kernel.org/stable/c/52841e71253e6ace72751c72560950474a57d04c
https://git.kernel.org/stable/c/53526dbc8aa6b95e9fc2ab1e29b1a9145721da24
https://git.kernel.org/stable/c/78b0b1ff525d9be4babf5a148a4de0d50042d95d
https://git.kernel.org/stable/c/d039535850ee47079d59527e96be18d8e0daa84b
https://git.kernel.org/stable/c/ee84d37a5f08ed1121cdd16f8f3ed87552087a21

cvelogic Threat Intelligence