{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49891", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.243Z", "datePublished": "2025-05-01T14:10:35.115Z", "dateUpdated": "2025-05-04T08:47:54.692Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:47:54.692Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()\n\ntest_gen_kprobe_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Move kfree(buf) from fail path to common path\nto prevent the memleak. The same reason and solution in\ntest_gen_kretprobe_cmd().\n\nunreferenced object 0xffff888143b14000 (size 2048):\n comm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s)\n hex dump (first 32 bytes):\n 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp\n 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys\n backtrace:\n [<000000006d7b836b>] kmalloc_trace+0x27/0xa0\n [<0000000009528b5b>] 0xffffffffa059006f\n [<000000008408b580>] do_one_initcall+0x87/0x2a0\n [<00000000c4980a7e>] do_init_module+0xdf/0x320\n [<00000000d775aad0>] load_module+0x3006/0x3390\n [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0\n [<000000003726480d>] do_syscall_64+0x35/0x80\n [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/kprobe_event_gen_test.c"], "versions": [{"version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "lessThan": "bef08acbe560a926b4cee9cc46404cc98ae5703b", "status": "affected", "versionType": "git"}, {"version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "lessThan": "d1b6a8e3414aeaa0985139180c145d2d0fbd2a49", "status": "affected", "versionType": "git"}, {"version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "lessThan": "71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bca", "status": "affected", "versionType": "git"}, {"version": "64836248dda20c8e7427b493f7e06d9bf8f58850", "lessThan": "66f0919c953ef7b55e5ab94389a013da2ce80a2c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/kprobe_event_gen_test.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.154", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.78", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.8", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.10.154"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.15.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.0.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/bef08acbe560a926b4cee9cc46404cc98ae5703b"}, {"url": "https://git.kernel.org/stable/c/d1b6a8e3414aeaa0985139180c145d2d0fbd2a49"}, {"url": "https://git.kernel.org/stable/c/71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bca"}, {"url": "https://git.kernel.org/stable/c/66f0919c953ef7b55e5ab94389a013da2ce80a2c"}], "title": "tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0DA74CD-D573-4831-8842-4FBB6C0F49AA", "versionEndExcluding": "5.10.154", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1", "versionEndExcluding": "5.15.78", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC9A754E-625D-42F3-87A7-960D643E2867", "versionEndExcluding": "6.0.8", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()\n\ntest_gen_kprobe_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Move kfree(buf) from fail path to common path\nto prevent the memleak. The same reason and solution in\ntest_gen_kretprobe_cmd().\n\nunreferenced object 0xffff888143b14000 (size 2048):\n comm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s)\n hex dump (first 32 bytes):\n 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp\n 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys\n backtrace:\n [<000000006d7b836b>] kmalloc_trace+0x27/0xa0\n [<0000000009528b5b>] 0xffffffffa059006f\n [<000000008408b580>] do_one_initcall+0x87/0x2a0\n [<00000000c4980a7e>] do_init_module+0xdf/0x320\n [<00000000d775aad0>] load_module+0x3006/0x3390\n [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0\n [<000000003726480d>] do_syscall_64+0x35/0x80\n [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: kprobe: Se corrige la fuga de memoria en test_gen_kprobe/kretprobe_cmd(). test_gen_kprobe_cmd() solo libera b\u00fafer en la ruta de fallo, por lo que el b\u00fafer se filtrar\u00e1 cuando no haya fallo. Se traslada kfree(buf) de la ruta de fallo a la ruta com\u00fan para evitar la fuga de memoria. El mismo motivo y soluci\u00f3n se aplican en test_gen_kretprobe_cmd(). Objeto sin referencia 0xffff888143b14000 (size 2048): comm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s) hex dump (first 32 bytes): 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys backtrace: [&lt;000000006d7b836b&gt;] kmalloc_trace+0x27/0xa0 [&lt;0000000009528b5b&gt;] 0xffffffffa059006f [&lt;000000008408b580&gt;] do_one_initcall+0x87/0x2a0 [&lt;00000000c4980a7e&gt;] do_init_module+0xdf/0x320 [&lt;00000000d775aad0&gt;] load_module+0x3006/0x3390 [&lt;00000000e9a74b80&gt;] __do_sys_finit_module+0x113/0x1b0 [&lt;000000003726480d&gt;] do_syscall_64+0x35/0x80 [&lt;000000003441e93b&gt;] entry_SYSCALL_64_after_hwframe+0x46/0xb0 "}], "id": "CVE-2022-49891", "lastModified": "2025-05-07T13:19:49.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-05-01T15:16:14.107", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/66f0919c953ef7b55e5ab94389a013da2ce80a2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bef08acbe560a926b4cee9cc46404cc98ae5703b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1b6a8e3414aeaa0985139180c145d2d0fbd2a49"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()", "id": "2363526", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363526"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()\ntest_gen_kprobe_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Move kfree(buf) from fail path to common path\nto prevent the memleak. The same reason and solution in\ntest_gen_kretprobe_cmd().\nunreferenced object 0xffff888143b14000 (size 2048):\ncomm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s)\nhex dump (first 32 bytes):\n70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp\n72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys\nbacktrace:\n[<000000006d7b836b>] kmalloc_trace+0x27/0xa0\n[<0000000009528b5b>] 0xffffffffa059006f\n[<000000008408b580>] do_one_initcall+0x87/0x2a0\n[<00000000c4980a7e>] do_init_module+0xdf/0x320\n[<00000000d775aad0>] load_module+0x3006/0x3390\n[<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0\n[<000000003726480d>] do_syscall_64+0x35/0x80\n[<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0"], "name": "CVE-2022-49891", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49891\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49891\nhttps://lore.kernel.org/linux-cve-announce/2025050158-CVE-2022-49891-67cc@gregkh/T"], "threat_severity": "Moderate"}