CVE-2022-50639

EPSS 0.02%
Veröffentlicht 09.12.2025 00:00:12
Zuletzt bearbeitet 09.12.2025 18:37:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

io-wq: Fix memory leak in worker creation

If the CPU mask allocation for a node fails, then the memory allocated for
the 'io_wqe' struct of the current node doesn't get freed on the error
handling path, since it has not yet been added to the 'wqes' array.

This was spotted when fuzzing v6.1-rc1 with Syzkaller:
BUG: memory leak
unreferenced object 0xffff8880093d5000 (size 1024):
  comm "syz-executor.2", pid 7701, jiffies 4295048595 (age 13.900s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000cb463369>] __kmem_cache_alloc_node+0x18e/0x720
    [<00000000147a3f9c>] kmalloc_node_trace+0x2a/0x130
    [<000000004e107011>] io_wq_create+0x7b9/0xdc0
    [<00000000c38b2018>] io_uring_alloc_task_context+0x31e/0x59d
    [<00000000867399da>] __io_uring_add_tctx_node.cold+0x19/0x1ba
    [<000000007e0e7a79>] io_uring_setup.cold+0x1b80/0x1dce
    [<00000000b545e9f6>] __x64_sys_io_uring_setup+0x5d/0x80
    [<000000008a8a7508>] do_syscall_64+0x5d/0x90
    [<000000004ac08bec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < b6e2c54be37d5eb4f6666e6aa59cd0581c7ffc3c

Version 0e03496d1967abf1ebb151a24318c07d07f41f7f

Status affected

Version < ed981911a7c90a604f4a2bee908ab07e3b786aca

Version 0e03496d1967abf1ebb151a24318c07d07f41f7f

Status affected

Version < 996d3efeb091c503afd3ee6b5e20eabf446fd955

Version 0e03496d1967abf1ebb151a24318c07d07f41f7f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.14

Status affected

Version < 5.14

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 6.0.*

Version 6.0.4

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/b6e2c54be37d5eb4f6666e6aa59cd0581c7ffc3c

https://git.kernel.org/stable/c/ed981911a7c90a604f4a2bee908ab07e3b786aca

https://git.kernel.org/stable/c/996d3efeb091c503afd3ee6b5e20eabf446fd955

https://nvd.nist.gov/vuln/detail/CVE-2022-50639

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50639

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50639

EUVD