CVE-2022-49627

Summary

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix potential memory leak in ima_init_crypto()

On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kfree() for ima_algo_array to avoid the potential memory leak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6d94809af6b0830c4dfcad661535a5939bcb8a7d < c1d9702ceb4a091da6bee380627596d1fba09274affected
LinuxLinux6d94809af6b0830c4dfcad661535a5939bcb8a7d < 601ae26aa2802a4c10c94d7388a99eabdbefab2baffected
LinuxLinux6d94809af6b0830c4dfcad661535a5939bcb8a7d < 830de9667b3ada0a75a3f098dfc7159709fe397baffected
LinuxLinux6d94809af6b0830c4dfcad661535a5939bcb8a7d < 067d2521874135267e681c19d42761c601d503d6affected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux5.10.132 <= 5.10.*unaffected
LinuxLinux5.15.56 <= 5.15.*unaffected
LinuxLinux5.18.13 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References