-

CVE-2022-50779

EPSS 0.05%
Veröffentlicht 24.12.2025 13:06:07
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()

When insert and remove the orangefs module, then debug_help_string will
be leaked:

  unreferenced object 0xffff8881652ba000 (size 4096):
    comm "insmod", pid 1701, jiffies 4294893639 (age 13218.530s)
    hex dump (first 32 bytes):
      43 6c 69 65 6e 74 20 44 65 62 75 67 20 4b 65 79  Client Debug Key
      77 6f 72 64 73 20 61 72 65 20 75 6e 6b 6e 6f 77  words are unknow
    backtrace:
      [<0000000004e6f8e3>] kmalloc_trace+0x27/0xa0
      [<0000000006f75d85>] orangefs_prepare_debugfs_help_string+0x5e/0x480 [orangefs]
      [<0000000091270a2a>] _sub_I_65535_1+0x57/0xf70 [crc_itu_t]
      [<000000004b1ee1a3>] do_one_initcall+0x87/0x2a0
      [<000000001d0614ae>] do_init_module+0xdf/0x320
      [<00000000efef068c>] load_module+0x2f98/0x3330
      [<000000006533b44d>] __do_sys_finit_module+0x113/0x1b0
      [<00000000a0da6f99>] do_syscall_64+0x35/0x80
      [<000000007790b19b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

When remove the module, should always free debug_help_string. Should
always free the allocated buffer when change the free_debug_help_string.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 44d3eac26a5e5268d11cc342dc202b0d31505c0a

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < f2b8a6aac561a49fe02c99683c40a8b87a9f68fc

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < ba9d3b9cec20957fd86bb1bf525b4ea8b64b2dea

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < 2e7c09121064df93c58bbc49d3d0f608d3f584bd

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < b8affa0c6405ee968dcb6030bee2cf719a464752

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < 39529b79b023713d4f2d3479dc0ca43ba99df726

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < 3fc221d9a16339a913a0341d3efc7fef339073e1

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < 19be31668552a198e887762e25bdcc560800ecb4

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

Version < d23417a5bf3a3afc55de5442eb46e1e60458b0a1

Version dc0336214eb07ee9de2a41dd4c81c744ffa419ac

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.9

Status affected

Version < 4.9

Version 0

Status unaffected

Version <= 4.9.*

Version 4.9.337

Status unaffected

Version <= 4.14.*

Version 4.14.303

Status unaffected

Version <= 4.19.*

Version 4.19.270

Status unaffected

Version <= 5.4.*

Version 5.4.229

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.86

Status unaffected

Version <= 6.0.*

Version 6.0.16

Status unaffected

Version <= 6.1.*

Version 6.1.2

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/44d3eac26a5e5268d11cc342dc202b0d31505c0a

https://git.kernel.org/stable/c/f2b8a6aac561a49fe02c99683c40a8b87a9f68fc

https://git.kernel.org/stable/c/ba9d3b9cec20957fd86bb1bf525b4ea8b64b2dea

https://git.kernel.org/stable/c/2e7c09121064df93c58bbc49d3d0f608d3f584bd

https://git.kernel.org/stable/c/b8affa0c6405ee968dcb6030bee2cf719a464752

https://git.kernel.org/stable/c/39529b79b023713d4f2d3479dc0ca43ba99df726

https://git.kernel.org/stable/c/3fc221d9a16339a913a0341d3efc7fef339073e1

https://git.kernel.org/stable/c/19be31668552a198e887762e25bdcc560800ecb4

https://git.kernel.org/stable/c/d23417a5bf3a3afc55de5442eb46e1e60458b0a1

https://nvd.nist.gov/vuln/detail/CVE-2022-50779

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50779

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50779

EUVD