CVE-2022-49801
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
07/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix memory leak in tracing_read_pipe()

kmemleak reports this issue:

```
unreferenced object 0xffff888105a18900 (size 128):
  comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s)
  hex dump (first 32 bytes):
    25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04  %s......&...B.X.
    03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [] __kmalloc_node_track_caller+0x4a/0x140
    [] krealloc+0x8d/0xf0
    [] trace_iter_expand_format+0x99/0x150
    [] trace_check_vprintf+0x1e0/0x11d0
    [] trace_event_printf+0xb6/0xf0
    [] trace_raw_output_bpf_trace_printk+0x89/0xc0
    [] print_trace_line+0x73c/0x1480
    [] tracing_read_pipe+0x45c/0x9f0
    [] vfs_read+0x17b/0x7c0
    [] ksys_read+0xed/0x1c0
    [] do_syscall_64+0x3b/0x90
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd
```

iter->fmt alloced in tracing_read_pipe() -> .. -> trace_iter_expand_format(), but not freed, to fix, add free in tracing_release_pipe()
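
The ownership pattern behind this leak, as an added example that is not part of the advisory or of the kernel source: a buffer allocated lazily on the read path must be freed on the release path. This is a user-space model; `pipe_iter`, `iter_expand_format`, `release_pipe_leaky`, `release_pipe_fixed`, `run_session` and the allocation counter are hypothetical names, and `realloc`/`free` stand in for `krealloc`/`kfree`.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model of the leak; every name below is hypothetical. */
static int live_fmt_bufs;                 /* fmt buffers allocated, not yet freed */
struct pipe_iter { char *fmt; };          /* fmt: scratch buffer, allocated lazily */

/* Read path: grow it->fmt on demand (the kernel backtrace shows krealloc()). */
static int iter_expand_format(struct pipe_iter *it, size_t size)
{
    char *tmp = realloc(it->fmt, size);
    if (!tmp)
        return -1;
    live_fmt_bufs += (it->fmt == NULL);   /* count only the first allocation */
    it->fmt = tmp;
    return 0;
}

/* Before the fix: release frees the iterator but not the buffer it owns. */
static void release_pipe_leaky(struct pipe_iter *it) { free(it); }

/* After the fix: release also frees the lazily allocated buffer. */
static void release_pipe_fixed(struct pipe_iter *it)
{
    live_fmt_bufs -= (it->fmt != NULL);
    free(it->fmt);
    free(it);
}

/* Open, read twice, release; returns how many fmt buffers were orphaned. */
static int run_session(void (*release)(struct pipe_iter *))
{
    struct pipe_iter *it = calloc(1, sizeof(*it));
    char *fmt;
    live_fmt_bufs = 0;
    if (!it || iter_expand_format(it, 128) || iter_expand_format(it, 256))
        exit(1);
    fmt = it->fmt;                        /* kept only so the demo can clean up */
    release(it);
    if (live_fmt_bufs)
        free(fmt);                        /* reclaim what the leaky release orphaned */
    return live_fmt_bufs;
}

int main(void)
{
    int leaky = run_session(release_pipe_leaky);
    printf("leaky: %d orphaned, fixed: %d orphaned\n", leaky, run_session(release_pipe_fixed));
    return 0;
}
```

Each open/read/release cycle through the leaky path orphans one buffer, which is why repeated opens of the pipe accumulate unreferenced memory until the release path frees it.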
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.190 (including) | 5.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 5.15.80 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.0.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* | | |



