5.5

CVE-2022-50263

EPSS 0.01%
Veröffentlicht 15.09.2025 14:20:59
Zuletzt bearbeitet 02.12.2025 19:21:08
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

vdpasim: fix memory leak when freeing IOTLBs

In the Linux kernel, the following vulnerability has been resolved:

vdpasim: fix memory leak when freeing IOTLBs

After commit bda324fd037a ("vdpasim: control virtqueue support"),
vdpasim->iommu became an array of IOTLB, so we should clean the
mappings of each free one by one instead of just deleting the ranges
in the first IOTLB which may leak maps.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 4 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.19 < 6.0.19

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.5

Linux ≫ Linux Kernel Version6.2 Updaterc1

Linux ≫ Linux Kernel Version6.2 Updaterc2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.022

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/54b210c90d2803a9f1c8fd2f0d08e90172e9a06d

Patch

https://git.kernel.org/stable/c/16b22e27fba6fd816d0dcb98f42cc71f0836c27e

Patch

https://git.kernel.org/stable/c/0b7a04a30eef20e6b24926a45c0ce7906ae85bd6

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50263

EUVD