CVE-2022-49890

MEDIUM EPSS 7.6%
Published May 1, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

capabilities: fix potential memleak on error path from vfs_getxattr_alloc()

In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(...), there will be a memleak in below logic:

    |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)
      |           /* ^^^ alloc for tmpbuf */
      |-- value = krealloc(*xattr_value, error + 1, flags)
      |           /* ^^^ alloc memory */
      |-- error = handler->get(handler, ...)
      |           /* error! */
      |-- *xattr_value = value
      |           /* xattr_value is &tmpbuf (memory leak!) */

So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.

[PM: subject line and backtrace tweaks]
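The leak pattern described above, reduced to a userspace model and shown beside the corrected caller. This is an added example, not kernel code and not the upstream patch; `getxattr_alloc_model`, `getsecurity_before`, `getsecurity_after`, `track_free` and `leaks` are hypothetical names, and the attribute value is constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

static void *outstanding;            /* buffer allocated and not yet freed */

static void track_free(void *p) {
    if (p == outstanding) outstanding = NULL;
    free(p);
}

/* Callee model: *out receives the buffer even when the read step fails. */
static int getxattr_alloc_model(int fail_read, char **out) {
    static const char data[] = "constructed-xattr-value";
    char *value = realloc(*out, sizeof(data));
    if (!value) return -ENOMEM;
    outstanding = value;
    int error = fail_read ? -EIO : (int)sizeof(data);  /* stands in for handler->get() */
    if (error > 0) memcpy(value, data, sizeof(data));
    *out = value;                    /* published on success and on error */
    return error;
}

/* Before the fix: the error return skips the free. */
static int getsecurity_before(int fail_read) {
    char *tmpbuf = NULL;
    int ret = getxattr_alloc_model(fail_read, &tmpbuf);
    if (ret < 0)
        return ret;                  /* tmpbuf is lost here */
    track_free(tmpbuf);
    return ret;
}

/* After the fix: the buffer is freed on the error path too. */
static int getsecurity_after(int fail_read) {
    char *tmpbuf = NULL;
    int ret = getxattr_alloc_model(fail_read, &tmpbuf);
    track_free(tmpbuf);
    return ret;
}

/* 1 if the caller left the buffer allocated; reclaims it either way. */
static int leaks(int (*caller)(int), int fail_read) {
    outstanding = NULL;
    caller(fail_read);
    int leaked = outstanding != NULL;
    track_free(outstanding);
    return leaked;
}
int main(void) { return !(leaks(getsecurity_before, 1) && !leaks(getsecurity_after, 1)); }
```

The point for review is that a callee which writes its out-parameter before a fallible step hands ownership to the caller on the error path as well, so the caller's early return must free it.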

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 9

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.14 – <4.14.299
linux   linux_kernel  *        ≥4.15 – <4.19.265
linux   linux_kernel  *        ≥4.20 – <5.4.224
linux   linux_kernel  *        ≥5.5 – <5.10.154
linux   linux_kernel  *        ≥5.11 – <5.15.78
linux   linux_kernel  *        ≥5.16 – <6.0.8
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906
    Patch