CVE-2022-49890
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
07/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
capabilities: fix potential memleak on error path from vfs_getxattr_alloc()<br />
<br />
In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to<br />
complete the memory allocation of tmpbuf, if we have completed<br />
the memory allocation of tmpbuf, but failed to call handler->get(...),<br />
there will be a memleak in below logic:<br />
<br />
|-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)<br />
| /* ^^^ alloc for tmpbuf */<br />
|-- value = krealloc(*xattr_value, error + 1, flags)<br />
| /* ^^^ alloc memory */<br />
|-- error = handler->get(handler, ...)<br />
| /* error! */<br />
|-- *xattr_value = value<br />
| /* xattr_value is &tmpbuf (memory leak!) */<br />
<br />
So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.<br />
<br />
[PM: subject line and backtrace tweaks]
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14 (including) | 4.14.299 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.265 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.224 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.154 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.78 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.0.8 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603
- https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1
- https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
- https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d
- https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee
- https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98
- https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906