Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2022-50578

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
22/10/2025
Última modificación:
22/10/2025

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> class: fix possible memory leak in __class_register()<br /> <br /> If class_add_groups() returns error, the &amp;#39;cp-&gt;subsys&amp;#39; need be<br /> unregister, and the &amp;#39;cp&amp;#39; need be freed.<br /> <br /> We can not call kset_unregister() here, because the &amp;#39;cls&amp;#39; will<br /> be freed in callback function class_release() and it&amp;#39;s also<br /> freed in caller&amp;#39;s error path, it will cause double free.<br /> <br /> So fix this by calling kobject_del() and kfree_const(name) to<br /> cleanup kobject. Besides, call kfree() to free the &amp;#39;cp&amp;#39;.<br /> <br /> Fault injection test can trigger this:<br /> <br /> unreferenced object 0xffff888102fa8190 (size 8):<br /> comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)<br /> hex dump (first 8 bytes):<br /> 70 6b 74 63 64 76 64 00 pktcdvd.<br /> backtrace:<br /> [] __kmalloc_track_caller+0x1ae/0x320<br /> [] kstrdup+0x3a/0x70<br /> [] kstrdup_const+0x68/0x80<br /> [] kvasprintf_const+0x10b/0x190<br /> [] kobject_set_name_vargs+0x56/0x150<br /> [] kobject_set_name+0xab/0xe0<br /> [] __class_register+0x15c/0x49a<br /> <br /> unreferenced object 0xffff888037274000 (size 1024):<br /> comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)<br /> hex dump (first 32 bytes):<br /> 00 40 27 37 80 88 ff ff 00 40 27 37 80 88 ff ff .@&amp;#39;7.....@&amp;#39;7....<br /> 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........<br /> backtrace:<br /> [] kmem_cache_alloc_trace+0x17c/0x2f0<br /> [] __class_register+0x86/0x49a

Impacto