CVE-2022-49891
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
07/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()<br />
<br />
test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak<br />
when there is no failure. Move kfree(buf) from fail path to common path<br />
to prevent the memleak. The same reason and solution in<br />
test_gen_kretprobe_cmd().<br />
<br />
unreferenced object 0xffff888143b14000 (size 2048):<br />
comm "insmod", pid 52490, jiffies 4301890980 (age 40.553s)<br />
hex dump (first 32 bytes):<br />
70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp<br />
72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys<br />
backtrace:<br />
[] kmalloc_trace+0x27/0xa0<br />
[] 0xffffffffa059006f<br />
[] do_one_initcall+0x87/0x2a0<br />
[] do_init_module+0xdf/0x320<br />
[] load_module+0x3006/0x3390<br />
[] __do_sys_finit_module+0x113/0x1b0<br />
[] do_syscall_64+0x35/0x80<br />
[] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.6 (including) | 5.10.154 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.78 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.0.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page