CVE-2022-50569

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfrm: Update ipcomp_scratches with NULL when freed<br /> <br /> Currently if ipcomp_alloc_scratches() fails to allocate memory<br /> ipcomp_scratches holds obsolete address. So when we try to free the<br /> percpu scratches using ipcomp_free_scratches() it tries to vfree non<br /> existent vm area. Described below:<br /> <br /> static void * __percpu *ipcomp_alloc_scratches(void)<br /> {<br /> ...<br /> scratches = alloc_percpu(void *);<br /> if (!scratches)<br /> return NULL;<br /> ipcomp_scratches does not know about this allocation failure.<br /> Therefore holding the old obsolete address.<br /> ...<br /> }<br /> <br /> So when we free,<br /> <br /> static void ipcomp_free_scratches(void)<br /> {<br /> ...<br /> scratches = ipcomp_scratches;<br /> Assigning obsolete address from ipcomp_scratches<br /> <br /> if (!scratches)<br /> return;<br /> <br /> for_each_possible_cpu(i)<br /> vfree(*per_cpu_ptr(scratches, i));<br /> Trying to free non existent page, causing warning: trying to vfree<br /> existent vm area.<br /> ...<br /> }<br /> <br /> Fix this breakage by updating ipcomp_scrtches with NULL when scratches<br /> is freed