CVE-2022-49800 (GCVE-0-2022-49800)
Vulnerability from cvelistv5
Published
2025-05-01 14:09
Modified
2025-05-04 08:45
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leak when there is no failure. Add kfree(buf) to prevent the memleak. The same reason and solution in test_empty_synth_event(). unreferenced object 0xffff8881127de000 (size 2048): comm "modprobe", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<0000000039eb1cf5>] 0xffffffffa00083cd [<000000000e8c3bc8>] 0xffffffffa00086ba [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm "modprobe", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<00000000d4db9a3d>] 0xffffffffa0008071 [<00000000c31354a5>] 0xffffffffa00086ce [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
References
Impacted products
Vendor Product Version
Linux Linux Version: 9fe41efaca08416657efa8731c0d47ccb6a3f3eb
Version: 9fe41efaca08416657efa8731c0d47ccb6a3f3eb
Version: 9fe41efaca08416657efa8731c0d47ccb6a3f3eb
Version: 9fe41efaca08416657efa8731c0d47ccb6a3f3eb
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/synth_event_gen_test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "65ba7e7c241122ef0a9e61d1920f2ae9689aa796",
              "status": "affected",
              "version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb",
              "versionType": "git"
            },
            {
              "lessThan": "07ba4f0603aba288580866394f2916dfe55823a2",
              "status": "affected",
              "version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb",
              "versionType": "git"
            },
            {
              "lessThan": "0e5baaa181a052d968701bb9c5b1d55847f00942",
              "status": "affected",
              "version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb",
              "versionType": "git"
            },
            {
              "lessThan": "a4527fef9afe5c903c718d0cd24609fe9c754250",
              "status": "affected",
              "version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/synth_event_gen_test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.156",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.80",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.10",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n  comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n  hex dump (first 32 bytes):\n    20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20   gen_synth_test\n    20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f   pid_t next_pid_\n  backtrace:\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n    [\u003c0000000039eb1cf5\u003e] 0xffffffffa00083cd\n    [\u003c000000000e8c3bc8\u003e] 0xffffffffa00086ba\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n  comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n  hex dump (first 32 bytes):\n    20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73   empty_synth_tes\n    74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69  t  pid_t next_pi\n  backtrace:\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n    [\u003c00000000d4db9a3d\u003e] 0xffffffffa0008071\n    [\u003c00000000c31354a5\u003e] 0xffffffffa00086ce\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:45:37.373Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796"
        },
        {
          "url": "https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250"
        }
      ],
      "title": "tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49800",
    "datePublished": "2025-05-01T14:09:29.042Z",
    "dateReserved": "2025-05-01T14:05:17.225Z",
    "dateUpdated": "2025-05-04T08:45:37.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49800\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:03.303\",\"lastModified\":\"2025-05-02T13:53:20.943\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\\n\\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\\nsame reason and solution in test_empty_synth_event().\\n\\nunreferenced object 0xffff8881127de000 (size 2048):\\n  comm \\\"modprobe\\\", pid 247, jiffies 4294972316 (age 78.756s)\\n  hex dump (first 32 bytes):\\n    20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20   gen_synth_test\\n    20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f   pid_t next_pid_\\n  backtrace:\\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\\n    [\u003c0000000039eb1cf5\u003e] 0xffffffffa00083cd\\n    [\u003c000000000e8c3bc8\u003e] 0xffffffffa00086ba\\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\\nunreferenced object 0xffff8881127df000 (size 2048):\\n  comm \\\"modprobe\\\", pid 247, jiffies 4294972324 (age 78.728s)\\n  hex dump (first 32 bytes):\\n    20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73   empty_synth_tes\\n    74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69  t  pid_t next_pi\\n  backtrace:\\n    [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\\n    [\u003c00000000d4db9a3d\u003e] 0xffffffffa0008071\\n    [\u003c00000000c31354a5\u003e] 0xffffffffa00086ce\\n    [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\\n    [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\\n    [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\\n    [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\\n    [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\\n    [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige la fuga de memoria en test_gen_synth_cmd() y test_empty_synth_event(). Test_gen_synth_cmd() solo libera b\u00fafer en la ruta de fallo, por lo que el b\u00fafer se filtrar\u00e1 aunque no haya fallo. Se ha a\u00f1adido kfree(buf) para evitar la fuga de memoria. La misma raz\u00f3n y soluci\u00f3n se aplican en test_empty_synth_event(). objeto sin referencia 0xffff8881127de000 (size 2048): comm \\\"modprobe\\\", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [\u0026lt;000000004254801a\u0026gt;] kmalloc_trace+0x26/0x100 [\u0026lt;0000000039eb1cf5\u0026gt;] 0xffffffffa00083cd [\u0026lt;000000000e8c3bc8\u0026gt;] 0xffffffffa00086ba [\u0026lt;00000000c293d1ea\u0026gt;] do_one_initcall+0xdb/0x480 [\u0026lt;00000000aa189e6d\u0026gt;] do_init_module+0x1cf/0x680 [\u0026lt;00000000d513222b\u0026gt;] load_module+0x6a50/0x70a0 [\u0026lt;000000001fd4d529\u0026gt;] __do_sys_finit_module+0x12f/0x1c0 [\u0026lt;00000000b36c4c0f\u0026gt;] do_syscall_64+0x3f/0x90 [\u0026lt;00000000bbf20cf3\u0026gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm \\\"modprobe\\\", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [\u0026lt;000000004254801a\u0026gt;] kmalloc_trace+0x26/0x100 [\u0026lt;00000000d4db9a3d\u0026gt;] 0xffffffffa0008071 [\u0026lt;00000000c31354a5\u0026gt;] 0xffffffffa00086ce [\u0026lt;00000000c293d1ea\u0026gt;] do_one_initcall+0xdb/0x480 [\u0026lt;00000000aa189e6d\u0026gt;] do_init_module+0x1cf/0x680 [\u0026lt;00000000d513222b\u0026gt;] load_module+0x6a50/0x70a0 [\u0026lt;000000001fd4d529\u0026gt;] __do_sys_finit_module+0x12f/0x1c0 [\u0026lt;00000000b36c4c0f\u0026gt;] do_syscall_64+0x3f/0x90 [\u0026lt;00000000bbf20cf3\u0026gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd \"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.