FKIE_CVE-2022-49800

Vulnerability from fkie_nvd - Published: 2025-05-01 15:16 - Updated: 2025-11-07 19:33
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leak when there is no failure. Add kfree(buf) to prevent the memleak. The same reason and solution in test_empty_synth_event(). unreferenced object 0xffff8881127de000 (size 2048): comm "modprobe", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<0000000039eb1cf5>] 0xffffffffa00083cd [<000000000e8c3bc8>] 0xffffffffa00086ba [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm "modprobe", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<00000000d4db9a3d>] 0xffffffffa0008071 [<00000000c31354a5>] 0xffffffffa00086ce [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.1
linux linux_kernel 6.1
linux linux_kernel 6.1
linux linux_kernel 6.1
linux linux_kernel 6.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E305F2-A5CD-4E1F-B66F-77300B3EC524",
              "versionEndExcluding": "5.10.156",
              "versionStartIncluding": "5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BBEF3B-79F5-4D4C-ADBA-F34DA0E2465C",
              "versionEndExcluding": "5.15.80",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F9ADD1-3ADB-4D66-A00F-4A83010B05F0",
              "versionEndExcluding": "6.0.10",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n  comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n  hex dump (first 32 bytes):\n    20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20   gen_synth_test\n    20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f   pid_t next_pid_\n  backtrace:\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n    [\u003c0000000039eb1cf5\u003e] 0xffffffffa00083cd\n    [\u003c000000000e8c3bc8\u003e] 0xffffffffa00086ba\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n  comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n  hex dump (first 32 bytes):\n    20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73   empty_synth_tes\n    74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69  t  pid_t next_pi\n  backtrace:\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n    [\u003c00000000d4db9a3d\u003e] 0xffffffffa0008071\n    [\u003c00000000c31354a5\u003e] 0xffffffffa00086ce\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige la fuga de memoria en test_gen_synth_cmd() y test_empty_synth_event(). Test_gen_synth_cmd() solo libera b\u00fafer en la ruta de fallo, por lo que el b\u00fafer se filtrar\u00e1 aunque no haya fallo. Se ha a\u00f1adido kfree(buf) para evitar la fuga de memoria. La misma raz\u00f3n y soluci\u00f3n se aplican en test_empty_synth_event(). objeto sin referencia 0xffff8881127de000 (size 2048): comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [\u0026lt;000000004254801a\u0026gt;] kmalloc_trace+0x26/0x100 [\u0026lt;0000000039eb1cf5\u0026gt;] 0xffffffffa00083cd [\u0026lt;000000000e8c3bc8\u0026gt;] 0xffffffffa00086ba [\u0026lt;00000000c293d1ea\u0026gt;] do_one_initcall+0xdb/0x480 [\u0026lt;00000000aa189e6d\u0026gt;] do_init_module+0x1cf/0x680 [\u0026lt;00000000d513222b\u0026gt;] load_module+0x6a50/0x70a0 [\u0026lt;000000001fd4d529\u0026gt;] __do_sys_finit_module+0x12f/0x1c0 [\u0026lt;00000000b36c4c0f\u0026gt;] do_syscall_64+0x3f/0x90 [\u0026lt;00000000bbf20cf3\u0026gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [\u0026lt;000000004254801a\u0026gt;] kmalloc_trace+0x26/0x100 [\u0026lt;00000000d4db9a3d\u0026gt;] 0xffffffffa0008071 [\u0026lt;00000000c31354a5\u0026gt;] 0xffffffffa00086ce [\u0026lt;00000000c293d1ea\u0026gt;] do_one_initcall+0xdb/0x480 [\u0026lt;00000000aa189e6d\u0026gt;] do_init_module+0x1cf/0x680 [\u0026lt;00000000d513222b\u0026gt;] load_module+0x6a50/0x70a0 [\u0026lt;000000001fd4d529\u0026gt;] __do_sys_finit_module+0x12f/0x1c0 [\u0026lt;00000000b36c4c0f\u0026gt;] do_syscall_64+0x3f/0x90 [\u0026lt;00000000bbf20cf3\u0026gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd "
    }
  ],
  "id": "CVE-2022-49800",
  "lastModified": "2025-11-07T19:33:15.817",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-01T15:16:03.303",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.