CVE-2022-50376 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace+0x27/0xa0 [<000000005b405fee>] orangefs_debugfs_init.cold+0xaf/0x17f [<00000000e5a0085b>] 0xffffffffa02780f9 [<000000004232d9f7>] do_one_initcall+0x87/0x2a0 [<0000000054f22384>] do_init_module+0xdf/0x320 [<000000003263bdea>] load_module+0x2f98/0x3330 [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0 [<00000000250ae02b>] do_syscall_64+0x35/0x80 [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 Use the golbal variable as the buffer rather than dynamic allocate to slove the problem.

PUBLISHED Reserved 2025-09-17 | Published 2025-09-18 | Updated 2025-09-19 | Assigner Linux

Product status

Default status

unaffected

f7ab093f74bf638ed98fd1115f3efa17e308bb7f (git) before bdc2d33fa2324b1f5ab5b701cda45ee0b2384409

affected

f7ab093f74bf638ed98fd1115f3efa17e308bb7f (git) before a076490b0211990ec6764328c22cb744dd782bd9

affected

f7ab093f74bf638ed98fd1115f3efa17e308bb7f (git) before c8853267289c55b1acbe4dc3641374887584834d

affected

f7ab093f74bf638ed98fd1115f3efa17e308bb7f (git) before 786e5296f9e3b045d5ff9098514ce7b8ba1d890d

affected

f7ab093f74bf638ed98fd1115f3efa17e308bb7f (git) before 0cd303aad220fafa595e0ed593e99aa51b90412b

affected

f7ab093f74bf638ed98fd1115f3efa17e308bb7f (git) before 31720a2b109b3080eb77e97b8f6f50a27b4ae599

affected

Default status

affected

4.6

affected

Any version before 4.6

unaffected

5.4.229 (semver)

unaffected

5.10.163 (semver)

unaffected

5.15.86 (semver)

unaffected

6.0.16 (semver)

unaffected

6.1.2 (semver)

unaffected

6.2 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/bdc2d33fa2324b1f5ab5b701cda45ee0b2384409

git.kernel.org/...c/a076490b0211990ec6764328c22cb744dd782bd9

git.kernel.org/...c/c8853267289c55b1acbe4dc3641374887584834d

git.kernel.org/...c/786e5296f9e3b045d5ff9098514ce7b8ba1d890d

git.kernel.org/...c/0cd303aad220fafa595e0ed593e99aa51b90412b

git.kernel.org/...c/31720a2b109b3080eb77e97b8f6f50a27b4ae599

cve.org (CVE-2022-50376)

nvd.nist.gov (CVE-2022-50376)

Download JSON