CVE-2022-49891

MEDIUM EPSS 5.5%
Published May 1, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path to prevent the memleak. The same reason and solution in test_gen_kretprobe_cmd(). unreferenced object 0xffff888143b14000 (size 2048): comm "insmod", pid 52490, jiffies 4301890980 (age 40.553s) hex dump (first 32 bytes): 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys backtrace: [<000000006d7b836b>] kmalloc_trace+0x27/0xa0 [<0000000009528b5b>] 0xffffffffa059006f [<000000008408b580>] do_one_initcall+0x87/0x2a0 [<00000000c4980a7e>] do_init_module+0xdf/0x320 [<00000000d775aad0>] load_module+0x3006/0x3390 [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0 [<000000003726480d>] do_syscall_64+0x35/0x80 [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.6  –  <5.10.154
linuxlinux_kernel*≥5.11  –  <5.15.78
linuxlinux_kernel*≥5.16  –  <6.0.8
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/66f0919c953ef7b55e5ab94389a013da2ce80a2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bef08acbe560a926b4cee9cc46404cc98ae5703b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1b6a8e3414aeaa0985139180c145d2d0fbd2a49
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/66f0919c953ef7b55e5ab94389a013da2ce80a2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bef08acbe560a926b4cee9cc46404cc98ae5703b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1b6a8e3414aeaa0985139180c145d2d0fbd2a49
    Patch