CVE-2022-50765

EPSS 0.02%
Veröffentlicht 24.12.2025 13:05:56
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

RISC-V: kexec: Fix memory leak of elf header buffer

This is reported by kmemleak detector:

unreferenced object 0xff2000000403d000 (size 4096):
  comm "kexec", pid 146, jiffies 4294900633 (age 64.792s)
  hex dump (first 32 bytes):
    7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00  .ELF............
    04 00 f3 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000566ca97c>] kmemleak_vmalloc+0x3c/0xbe
    [<00000000979283d8>] __vmalloc_node_range+0x3ac/0x560
    [<00000000b4b3712a>] __vmalloc_node+0x56/0x62
    [<00000000854f75e2>] vzalloc+0x2c/0x34
    [<00000000e9a00db9>] crash_prepare_elf64_headers+0x80/0x30c
    [<0000000067e8bf48>] elf_kexec_load+0x3e8/0x4ec
    [<0000000036548e09>] kexec_image_load_default+0x40/0x4c
    [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322
    [<0000000040c62c03>] ret_from_syscall+0x0/0x2

In elf_kexec_load(), a buffer is allocated via vzalloc() to store elf
headers.  While it's not freed back to system when kdump kernel is
reloaded or unloaded, or when image->elf_header is successfully set and
then fails to load kdump kernel for some reason. Fix it by freeing the
buffer in arch_kimage_file_post_load_cleanup().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 090bfcfc9f14d05154893c67eeaecc56e894fbae

Version 8acea455fafaf2620b247de6c00774828b618a82

Status affected

Version < cdea2da6787583ecca43594132533a2ac8d7cd21

Version 8acea455fafaf2620b247de6c00774828b618a82

Status affected

Version < cbc32023ddbdf4baa3d9dc513a2184a84080a5a2

Version 8acea455fafaf2620b247de6c00774828b618a82

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.19

Status affected

Version < 5.19

Version 0

Status unaffected

Version <= 6.0.*

Version 6.0.18

Status unaffected

Version <= 6.1.*

Version 6.1.4

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/090bfcfc9f14d05154893c67eeaecc56e894fbae

https://git.kernel.org/stable/c/cdea2da6787583ecca43594132533a2ac8d7cd21

https://git.kernel.org/stable/c/cbc32023ddbdf4baa3d9dc513a2184a84080a5a2

https://nvd.nist.gov/vuln/detail/CVE-2022-50765

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50765

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50765

EUVD