CVE-2022-50577

NONE EPSS 9.2%
Published Oct 22, 20258mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Oct 22, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ima: Fix memory leak in __ima_inode_hash() Commit f3cc6b25dcc5 ("ima: always measure and audit files in policy") lets measurement or audit happen even if the file digest cannot be calculated. As a result, iint->ima_hash could have been allocated despite ima_collect_measurement() returning an error. Since ima_hash belongs to a temporary inode metadata structure, declared at the beginning of __ima_inode_hash(), just add a kfree() call if ima_collect_measurement() returns an error different from -ENOMEM (in that case, ima_hash should not have been allocated).

Threat Intelligence

EPSS Exploit Probability
9.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 3

  • git.kernel.org https://git.kernel.org/stable/c/8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8
  • git.kernel.org https://git.kernel.org/stable/c/c4df8cb38f139ed9f4296868c0a6f15a26e8c491
  • git.kernel.org https://git.kernel.org/stable/c/f375bcf69f58fd0744c9dfd1b6b891a27301d67b

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.