CVE-2022-49334

MEDIUM EPSS 14.6%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: Fix xarray node memory leak If xas_split_alloc() fails to allocate the necessary nodes to complete the xarray entry split, it sets the xa_state to -ENOMEM, which xas_nomem() then interprets as "Please allocate more memory", not as "Please free any unnecessary memory" (which was the intended outcome). It's confusing to use xas_nomem() to free memory in this context, so call xas_destroy() instead.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥5.17  –  <5.17.15
linuxlinux_kernel*≥5.18  –  <5.18.4
linuxlinux_kernel5.19any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/69a37a8ba1b408a1c7616494aa7018e4b3844cbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95c8181b4947e000f3b9b8e5918d899fce77b93d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c0c84962e297927ba57fd6ddc2bb000c9d149655
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/69a37a8ba1b408a1c7616494aa7018e4b3844cbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95c8181b4947e000f3b9b8e5918d899fce77b93d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c0c84962e297927ba57fd6ddc2bb000c9d149655
    Patch