CVE-2022-50446

EPSS 0.02%
Published 01.10.2025 12:15:37
Last modified 02.10.2025 19:12:17
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

ARC: mm: fix leakage of memory allocated for PTE

Since commit d9820ff ("ARC: mm: switch pgtable_t back to struct page *")
a memory leakage problem occurs. Memory allocated for page table entries
not released during process termination. This issue can be reproduced by
a small program that allocates a large amount of memory. After several
runs, you'll see that the amount of free memory has reduced and will
continue to reduce after each run. All ARC CPUs are effected by this
issue. The issue was introduced since the kernel stable release v5.15-rc1.

As described in commit d9820ff after switch pgtable_t back to struct
page *, a pointer to "struct page" and appropriate functions are used to
allocate and free a memory page for PTEs, but the pmd_pgtable macro hasn't
changed and returns the direct virtual address from the PMD (PGD) entry.
Than this address used as a parameter in the __pte_free() and as a result
this function couldn't release memory page allocated for PTEs.

Fix this issue by changing the pmd_pgtable macro and returning pointer to
struct page.

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 14009ada5712649589ab4ad0441b811780ea8773

Version d9820ff76f95fa26d33e412254a89cd65b23142d

Status affected

Version < d83a69966e8b6ae9dd447f3ac704c0223bceb7f7

Version d9820ff76f95fa26d33e412254a89cd65b23142d

Status affected

Version < 4fd9df10cb7a9289fbd22d669f9f98164d95a1ce

Version d9820ff76f95fa26d33e412254a89cd65b23142d

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.77

Status unaffected

Version <= 6.0.*

Version 6.0.7

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.044

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/14009ada5712649589ab4ad0441b811780ea8773

https://git.kernel.org/stable/c/4fd9df10cb7a9289fbd22d669f9f98164d95a1ce

https://git.kernel.org/stable/c/d83a69966e8b6ae9dd447f3ac704c0223bceb7f7

https://nvd.nist.gov/vuln/detail/CVE-2022-50446

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50446

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50446

EUVD