CVE-2022-50765

EPSS 0.03%
Veröffentlicht 24.12.2025 13:05:56
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

RISC-V: kexec: Fix memory leak of elf header buffer

In the Linux kernel, the following vulnerability has been resolved:

RISC-V: kexec: Fix memory leak of elf header buffer

This is reported by kmemleak detector:

unreferenced object 0xff2000000403d000 (size 4096):
  comm "kexec", pid 146, jiffies 4294900633 (age 64.792s)
  hex dump (first 32 bytes):
    7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00  .ELF............
    04 00 f3 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000566ca97c>] kmemleak_vmalloc+0x3c/0xbe
    [<00000000979283d8>] __vmalloc_node_range+0x3ac/0x560
    [<00000000b4b3712a>] __vmalloc_node+0x56/0x62
    [<00000000854f75e2>] vzalloc+0x2c/0x34
    [<00000000e9a00db9>] crash_prepare_elf64_headers+0x80/0x30c
    [<0000000067e8bf48>] elf_kexec_load+0x3e8/0x4ec
    [<0000000036548e09>] kexec_image_load_default+0x40/0x4c
    [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322
    [<0000000040c62c03>] ret_from_syscall+0x0/0x2

In elf_kexec_load(), a buffer is allocated via vzalloc() to store elf
headers.  While it's not freed back to system when kdump kernel is
reloaded or unloaded, or when image->elf_header is successfully set and
then fails to load kdump kernel for some reason. Fix it by freeing the
buffer in arch_kimage_file_post_load_cleanup().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 8acea455fafaf2620b247de6c00774828b618a82

Version < 090bfcfc9f14d05154893c67eeaecc56e894fbae

Status affected

Version 8acea455fafaf2620b247de6c00774828b618a82

Version < cdea2da6787583ecca43594132533a2ac8d7cd21

Status affected

Version 8acea455fafaf2620b247de6c00774828b618a82

Version < cbc32023ddbdf4baa3d9dc513a2184a84080a5a2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.19

Status affected

Version 0

Version < 5.19

Status unaffected

Version <= 6.0.*

Version 6.0.18

Status unaffected

Version <= 6.1.*

Version 6.1.4

Status unaffected

Version <= *

Version 6.2

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/090bfcfc9f14d05154893c67eeaecc56e894fbae

https://git.kernel.org/stable/c/cdea2da6787583ecca43594132533a2ac8d7cd21

https://git.kernel.org/stable/c/cbc32023ddbdf4baa3d9dc513a2184a84080a5a2

https://nvd.nist.gov/vuln/detail/CVE-2022-50765

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50765

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50765

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-50765