CVE-2022-50376

MEDIUM EPSS 4.2%
Published Sep 18, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 18, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000005b405fee>] orangefs_debugfs_init.cold+0xaf/0x17f [<00000000e5a0085b>] 0xffffffffa02780f9 [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 Use the golbal variable as the buffer rather than dynamic allocate to slove the problem.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥4.6  –  <5.4.229
linuxlinux_kernel*≥5.5  –  <5.10.163
linuxlinux_kernel*≥5.11  –  <5.15.86
linuxlinux_kernel*≥5.16  –  <6.0.16
linuxlinux_kernel*≥6.1  –  <6.1.2

References 6

  • git.kernel.org https://git.kernel.org/stable/c/0cd303aad220fafa595e0ed593e99aa51b90412b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31720a2b109b3080eb77e97b8f6f50a27b4ae599
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/786e5296f9e3b045d5ff9098514ce7b8ba1d890d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a076490b0211990ec6764328c22cb744dd782bd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bdc2d33fa2324b1f5ab5b701cda45ee0b2384409
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c8853267289c55b1acbe4dc3641374887584834d
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0cd303aad220fafa595e0ed593e99aa51b90412b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31720a2b109b3080eb77e97b8f6f50a27b4ae599
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/786e5296f9e3b045d5ff9098514ce7b8ba1d890d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a076490b0211990ec6764328c22cb744dd782bd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bdc2d33fa2324b1f5ab5b701cda45ee0b2384409
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c8853267289c55b1acbe4dc3641374887584834d
    Patch