CVE-2022-50269

EPSS 0.02%
Veröffentlicht 15.09.2025 14:21:05
Zuletzt bearbeitet 15.09.2025 15:22:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

drm/vkms: Fix memory leak in vkms_init()

A memory leak was reported after the vkms module install failed.

unreferenced object 0xffff88810bc28520 (size 16):
  comm "modprobe", pid 9662, jiffies 4298009455 (age 42.590s)
  hex dump (first 16 bytes):
    01 01 00 64 81 88 ff ff 00 00 dc 0a 81 88 ff ff  ...d............
  backtrace:
    [<00000000e7561ff8>] kmalloc_trace+0x27/0x60
    [<000000000b1954a0>] 0xffffffffc45200a9
    [<00000000abbf1da0>] do_one_initcall+0xd0/0x4f0
    [<000000001505ee87>] do_init_module+0x1a4/0x680
    [<00000000958079ad>] load_module+0x6249/0x7110
    [<00000000117e4696>] __do_sys_finit_module+0x140/0x200
    [<00000000f74b12d2>] do_syscall_64+0x35/0x80
    [<000000008fc6fcde>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

The reason is that the vkms_init() returns without checking the return
value of vkms_create(), and if the vkms_create() failed, the config
allocated at the beginning of vkms_init() is leaked.

 vkms_init()
   config = kmalloc(...) # config allocated
   ...
   return vkms_create() # vkms_create failed and config is leaked

Fix this problem by checking return value of vkms_create() and free the
config if error happened.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < bad13de764888b765ceaa4668893b52bd16653cc

Version 2df7af93fdadb9ba8226fe443fae15ecdefda2a6

Status affected

Version < bebd60ec3bf21062f103e32e6203c6daabdbd51b

Version 2df7af93fdadb9ba8226fe443fae15ecdefda2a6

Status affected

Version < 07ab77154d6fd2d67e465ab5ce30083709950f02

Version 2df7af93fdadb9ba8226fe443fae15ecdefda2a6

Status affected

Version < 0d0b368b9d104b437e1f4850ae94bdb9a3601e89

Version 2df7af93fdadb9ba8226fe443fae15ecdefda2a6

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.12

Status affected

Version < 5.12

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.99

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/bad13de764888b765ceaa4668893b52bd16653cc

https://git.kernel.org/stable/c/bebd60ec3bf21062f103e32e6203c6daabdbd51b

https://git.kernel.org/stable/c/07ab77154d6fd2d67e465ab5ce30083709950f02

https://git.kernel.org/stable/c/0d0b368b9d104b437e1f4850ae94bdb9a3601e89

https://nvd.nist.gov/vuln/detail/CVE-2022-50269

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50269

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50269

EUVD