GHSA-CHJ4-GRXW-4PVW

Vulnerability from github – Published: 2025-10-07 18:31 – Updated: 2025-10-07 18:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

test_firmware: fix memory leak in test_firmware_init()

When misc_register() failed in test_firmware_init(), the memory pointed by test_fw_config->name is not released. The memory leak information is as follows: unreferenced object 0xffff88810a34cb00 (size 32): comm "insmod", pid 7952, jiffies 4294948236 (age 49.060s) hex dump (first 32 bytes): 74 65 73 74 2d 66 69 72 6d 77 61 72 65 2e 62 69 test-firmware.bi 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 n............... backtrace: [] __kmalloc_node_track_caller+0x4b/0xc0 [] kstrndup+0x46/0xc0 [] __test_firmware_config_init+0x29/0x380 [test_firmware] [] 0xffffffffa040f068 [] do_one_initcall+0x141/0x780 [] do_init_module+0x1c3/0x630 [] load_module+0x623e/0x76a0 [] __do_sys_finit_module+0x181/0x240 [] do_syscall_64+0x39/0xb0 [] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50529"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:36Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntest_firmware: fix memory leak in test_firmware_init()\n\nWhen misc_register() failed in test_firmware_init(), the memory pointed\nby test_fw_config-\u003ename is not released. The memory leak information is\nas follows:\nunreferenced object 0xffff88810a34cb00 (size 32):\n  comm \"insmod\", pid 7952, jiffies 4294948236 (age 49.060s)\n  hex dump (first 32 bytes):\n    74 65 73 74 2d 66 69 72 6d 77 61 72 65 2e 62 69  test-firmware.bi\n    6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  n...............\n  backtrace:\n    [\u003cffffffff81b21fcb\u003e] __kmalloc_node_track_caller+0x4b/0xc0\n    [\u003cffffffff81affb96\u003e] kstrndup+0x46/0xc0\n    [\u003cffffffffa0403a49\u003e] __test_firmware_config_init+0x29/0x380 [test_firmware]\n    [\u003cffffffffa040f068\u003e] 0xffffffffa040f068\n    [\u003cffffffff81002c41\u003e] do_one_initcall+0x141/0x780\n    [\u003cffffffff816a72c3\u003e] do_init_module+0x1c3/0x630\n    [\u003cffffffff816adb9e\u003e] load_module+0x623e/0x76a0\n    [\u003cffffffff816af471\u003e] __do_sys_finit_module+0x181/0x240\n    [\u003cffffffff89978f99\u003e] do_syscall_64+0x39/0xb0\n    [\u003cffffffff89a0008b\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
  "id": "GHSA-chj4-grxw-4pvw",
  "modified": "2025-10-07T18:31:08Z",
  "published": "2025-10-07T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50529"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04dd47a2e169f2d4489636afa07ff0469aab49ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b5a89e8bce1ea43687742b4de8e216189ff94ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/357379d504c0c8b0834e206ad8c49e4b3c98ed4d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/628de998a3abfffb3f9677d2fb39a1d5dcb32fdb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6dd5fbd243f19f087dc79481acb7d69fb57fea2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7610615e8cdb3f6f5bbd9d8e7a5d8a63e3cabf2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d8c1d6a430f0aadb80036e2b1bc0a05f9fad247"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed5cbafaf7ce8b86f19998c00eb020c8d49b017f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.