FKIE_CVE-2022-50772

Vulnerability from fkie_nvd - Published: 2025-12-24 13:16 - Updated: 2025-12-24 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsim_bus_dev_new() If device_register() failed in nsim_bus_dev_new(), the value of reference in nsim_bus_dev->dev is 1. obj->name in nsim_bus_dev->dev will not be released. unreferenced object 0xffff88810352c480 (size 16): comm "echo", pid 5691, jiffies 4294945921 (age 133.270s) hex dump (first 16 bytes): 6e 65 74 64 65 76 73 69 6d 31 00 00 00 00 00 00 netdevsim1...... backtrace: [<000000005e2e5e26>] __kmalloc_node_track_caller+0x3a/0xb0 [<0000000094ca4fc8>] kvasprintf+0xc3/0x160 [<00000000aad09bcc>] kvasprintf_const+0x55/0x180 [<000000009bac868d>] kobject_set_name_vargs+0x56/0x150 [<000000007c1a5d70>] dev_set_name+0xbb/0xf0 [<00000000ad0d126b>] device_add+0x1f8/0x1cb0 [<00000000c222ae24>] new_device_store+0x3b6/0x5e0 [<0000000043593421>] bus_attr_store+0x72/0xa0 [<00000000cbb1833a>] sysfs_kf_write+0x106/0x160 [<00000000d0dedb8a>] kernfs_fop_write_iter+0x3a8/0x5a0 [<00000000770b66e2>] vfs_write+0x8f0/0xc80 [<0000000078bb39be>] ksys_write+0x106/0x210 [<00000000005e55a4>] do_syscall_64+0x35/0x80 [<00000000eaa40bbc>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/77579e4065295071fbd9662f03430dca5b50b086
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cf2010aa1c739bab067cbc90b690d28eaa0b47da
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: fix memory leak in nsim_bus_dev_new()\n\nIf device_register() failed in nsim_bus_dev_new(), the value of reference\nin nsim_bus_dev-\u003edev is 1. obj-\u003ename in nsim_bus_dev-\u003edev will not be\nreleased.\n\nunreferenced object 0xffff88810352c480 (size 16):\n  comm \"echo\", pid 5691, jiffies 4294945921 (age 133.270s)\n  hex dump (first 16 bytes):\n    6e 65 74 64 65 76 73 69 6d 31 00 00 00 00 00 00  netdevsim1......\n  backtrace:\n    [\u003c000000005e2e5e26\u003e] __kmalloc_node_track_caller+0x3a/0xb0\n    [\u003c0000000094ca4fc8\u003e] kvasprintf+0xc3/0x160\n    [\u003c00000000aad09bcc\u003e] kvasprintf_const+0x55/0x180\n    [\u003c000000009bac868d\u003e] kobject_set_name_vargs+0x56/0x150\n    [\u003c000000007c1a5d70\u003e] dev_set_name+0xbb/0xf0\n    [\u003c00000000ad0d126b\u003e] device_add+0x1f8/0x1cb0\n    [\u003c00000000c222ae24\u003e] new_device_store+0x3b6/0x5e0\n    [\u003c0000000043593421\u003e] bus_attr_store+0x72/0xa0\n    [\u003c00000000cbb1833a\u003e] sysfs_kf_write+0x106/0x160\n    [\u003c00000000d0dedb8a\u003e] kernfs_fop_write_iter+0x3a8/0x5a0\n    [\u003c00000000770b66e2\u003e] vfs_write+0x8f0/0xc80\n    [\u003c0000000078bb39be\u003e] ksys_write+0x106/0x210\n    [\u003c00000000005e55a4\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000eaa40bbc\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0"
    }
  ],
  "id": "CVE-2022-50772",
  "lastModified": "2025-12-24T13:16:04.020",
  "metrics": {},
  "published": "2025-12-24T13:16:04.020",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/77579e4065295071fbd9662f03430dca5b50b086"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cf2010aa1c739bab067cbc90b690d28eaa0b47da"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.