-

CVE-2022-50376

In the Linux kernel, the following vulnerability has been resolved:

orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()

When insert and remove the orangefs module, there are memory leaked
as below:

unreferenced object 0xffff88816b0cc000 (size 2048):
  comm "insmod", pid 783, jiffies 4294813439 (age 65.512s)
  hex dump (first 32 bytes):
    6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00  none............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<0000000031ab7788>] kmalloc_trace+0x27/0xa0
    [<000000005b405fee>] orangefs_debugfs_init.cold+0xaf/0x17f
    [<00000000e5a0085b>] 0xffffffffa02780f9
    [<000000004232d9f7>] do_one_initcall+0x87/0x2a0
    [<0000000054f22384>] do_init_module+0xdf/0x320
    [<000000003263bdea>] load_module+0x2f98/0x3330
    [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0
    [<00000000250ae02b>] do_syscall_64+0x35/0x80
    [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Use the golbal variable as the buffer rather than dynamic allocate to
slove the problem.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
Product Linux
Default Statusunaffected
Version < bdc2d33fa2324b1f5ab5b701cda45ee0b2384409
Version f7ab093f74bf638ed98fd1115f3efa17e308bb7f
Status affected
Version < a076490b0211990ec6764328c22cb744dd782bd9
Version f7ab093f74bf638ed98fd1115f3efa17e308bb7f
Status affected
Version < c8853267289c55b1acbe4dc3641374887584834d
Version f7ab093f74bf638ed98fd1115f3efa17e308bb7f
Status affected
Version < 786e5296f9e3b045d5ff9098514ce7b8ba1d890d
Version f7ab093f74bf638ed98fd1115f3efa17e308bb7f
Status affected
Version < 0cd303aad220fafa595e0ed593e99aa51b90412b
Version f7ab093f74bf638ed98fd1115f3efa17e308bb7f
Status affected
Version < 31720a2b109b3080eb77e97b8f6f50a27b4ae599
Version f7ab093f74bf638ed98fd1115f3efa17e308bb7f
Status affected
VendorLinux
Product Linux
Default Statusaffected
Version 4.6
Status affected
Version < 4.6
Version 0
Status unaffected
Version <= 5.4.*
Version 5.4.229
Status unaffected
Version <= 5.10.*
Version 5.10.163
Status unaffected
Version <= 5.15.*
Version 5.15.86
Status unaffected
Version <= 6.0.*
Version 6.0.16
Status unaffected
Version <= 6.1.*
Version 6.1.2
Status unaffected
Version <= *
Version 6.2
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.078
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string